CN101536401A - Information processing device - Google Patents
Information processing device Download PDFInfo
- Publication number
- CN101536401A CN101536401A CN200780042720.2A CN200780042720A CN101536401A CN 101536401 A CN101536401 A CN 101536401A CN 200780042720 A CN200780042720 A CN 200780042720A CN 101536401 A CN101536401 A CN 101536401A
- Authority
- CN
- China
- Prior art keywords
- directed
- horizontal axis
- coordinate points
- key
- relevant
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
An information processing device, a terminal, an information processing method, a key creating method, and a program all for enabling the user to hold a reduced number of keys. The information processing device draws a directed graph expressing an encryption key creation logic for deriving a set key used to encrypt contents or a content key. In this technique, a set of user terminals is divided into sub-sets, a set key and an intermediate key are allocated to each sub-set, and, if an intermediate key associated with a sub-set is inputted, the intermediate key corresponding to the sub-set associated with the set key and the directed branch corresponding to the sub-set associated with the inputted intermediate key is outputted. The invention further relates to a technique of replacing a directed branch included in the directed graph with a shorter directed branch according to a predetermined replacement rule. The technique produces an effect of reducing the number of intermediate keys that each user has to hold.
Description
Technical field
The present invention relates to information process unit, terminal unit, information processing method, key generation method and program.
Background technology
Nowadays, the development that relates to the encryption technology of the content distribution (contents distribution) by network etc. has attracted to pay close attention to widely.Especially, safety and effectively the distribution method that is used to decipher the encryption key of encrypted content attracted special concern.Generally speaking, following scheme is essential: about distributing a distributor of encrypted content, there be n (n is the natural number more than or equal to 2) recipient, and among a unlimited interceptor who is present on the network, only have this n recipient can decipher encrypted content with effective reception right.Further, because the quantity n with recipient of effective reception right changes in time, therefore exist for the demand of the scheme of processing variation neatly in recipient's set.
In addition, in the realization of this scheme, the processing load of generation, preservation and the distribution of encryption key, the encryption of content etc. in the distributor, occurs relating to, and the processing load of the deciphering of the preservation of decruption key and reception, content etc. appears relating in nature in the recipient.By various nearest technical developments (as, the raising of the raising of the memory capacity of throughput information treatment facility etc., the communication speed of information transmission path), it is true relatively reducing about the load of above-mentioned encryption distribution processor load.Yet, the correspondingly increase of processing load that causes because the rapid increase of the consumer's of content distribution service quantity and safety to the demand of the encryption technology that is enough to take precautions against experienced malicious intercepted person, are encrypted distribution.
Under these circumstances, as in order to safely information is sent to technology by the use broadcast channel, the scheme such as cancelling scheme (revocationscheme) and broadcast encryption scheme has been proposed by the optional group of recipients of distributor.An example of broadcast encryption scheme is a disclosed encryption key distribution scheme in below the non-patent literature 1, and the feature of described scheme is to use existing hierarchical tree structure, and cipher key distribution scheme is carried out the improvement that key is derived path (key derivation path).Specifically, this scheme (wherein, recipient's set regarded as is divided into a plurality of subclass) by adding certain subclass to and create new subclass with being not included in recipient in the subclass, and create the subclass chain as the result who repeats this processing, derive the encryption key corresponding along described chain then with each subclass.Can reduce the quantity of the key that will preserve by the recipient thus, in order to the amount of calculation of generating solution decryption key and the traffic (traffic) that is used for key distribution.
[non-patent literature 1] Nuttapong Attrapadung and Hideki Imai, " SubsetIncremental Chain Based Broadcast Encryption with Shorter Ciphertext ", The28th Symposium on Information Theory and Its Applications (SITA2005).
Summary of the invention
The problem to be solved in the present invention
With such as CD scheme (complete subtree scheme, Complete Subtree Scheme) and SD scheme (subset difference scheme, Subset Difference scheme) and so on cipher key distribution scheme is compared, and has significant advantage according to the encryption key distribution scheme of above-mentioned non-patent literature 1.Yet from the practical term that hypothesis realizes, there are the following problems: under large numbers of situations of recipient, the required amount of calculation of the quantity of the key that will be preserved by terminal unit at recipient's end and contents decryption is still very big.
Finished the present invention and solved above problem, that target of the present invention thus provides is new, improved, can reduce information process unit, terminal unit, information processing method, key generation method and the program of the quantity of the key that will be preserved by terminal unit at recipient's end.
The device of dealing with problems
In order to overcome the above problems, according to an aspect of the present invention, information process unit is provided, comprise: directed graph obtains part, in the interim directed graph of forming by many directed edges, obtain the directed graph that generates by at least one directed edge of replacing the described interim directed graph of composition with shorter directed edge; And the key generating portion, based on the directed graph that obtains by described directed graph acquisition unit branch, generate and to be used to encrypt or the set key of decryption content or content key.
Further, in order to overcome the above problems, according to an aspect of the present invention, information process unit is provided, numbering 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed in, wherein n is a natural number, and wherein among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, with the number definition of distributing to the leaf node that is positioned at left end is 1v, and the number definition that will distribute to the leaf node that is positioned at right-hand member is rv, for natural number i and j, i≤j wherein, suppose to gather (i → j) be expressed as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be expressed as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, first horizontal axis is set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, described information process unit comprises: directed graph obtains part, obtain the directed graph that generates by at least one directed edge of replacing the interim directed graph of composition with shorter directed edge, described interim directed graph is according to satisfying n for given integer k
(x-1)/k<(rv-1v+1)≤n
X/kNatural number x, have length n by on first to the 4th horizontal axis, arranging
I/kMany directed edges form, i=0 wherein, 1 ..., x-1; And the key generating portion, based on the directed graph that obtains by described directed graph acquisition unit branch, generate and to be used to encrypt or the set key of decryption content or content key.
Further, in order to overcome the above problems, according to an aspect of the present invention, information process unit is provided, has comprised: tree structure is provided with part, and configuration numbers 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, wherein i≤j, by gathering (i → j) be defined as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, j, j-1} ..., { j, j-1 ..., i+1, i}}, among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv;
Comprise that further reference axis is provided with part, in order to first horizontal axis to be set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and an interim coordinate points is held in place first to the 4th horizontal axis left end coordinate points the left side and be positioned at the right side of coordinate points of the right-hand member of second to the 4th horizontal axis, and the coordinate points that is positioned at the right-hand member of first horizontal axis is set to interim coordinate points
Further comprise interim directed graph generating portion,, calculate and satisfy n in order to by given integer k is set
(x-)/k<(rv-1v+1)≤n
X/kInteger x, and for each integer i=0 to x-1, have length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis, have length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis, for in first to the 4th horizontal axis each, get rid of and to have the afterbody that is positioned at interim coordinate points or all directed edges of head, and the directed edge of eliminating except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, generate respectively and set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, and by having length 1, the directed edge of head with coordinate points of the right-hand member that is positioned at first horizontal axis adds to and set (1 → n-1) relevant interim directed graph, generate and gather (1 → n) relevant interim directed graph
Further comprise the longest directed walk determining section,, determine to have the longest directed walk of the maximum quantity of the directed edge of forming directed walk in order among the directed walk that forms by continuous directed edge, and
Further comprise the directed graph generating portion, be no more than the mode of the quantity of the directed edge of long directed walk, replace the directed edge of forming each directed walk with shorter directed edge and generate directed graph in order to the quantity of the directed edge by each directed walk.
As mentioned above, the encryption key distribution scheme of use intermediate key and set key enables the generation based on the distribution of the intermediate key of above-mentioned directed graph and set key, thus when deciphering the encrypted information of being distributed, under situation about not increasing for each user (terminal unit) in order to the worst-case value of the required amount of calculation of generating solution decryption key, the quantity of the key that minimizing will be preserved by each user.
With set (1 → n), set (2 ← n), set (1v+1 ← rv) and gathering (among the relevant interim directed graph of 1v → rv-1), the longest directed walk determining section can be determined the longest directed walk in each interim directed graph about not comprising each interim directed graph of the longest directed walk.Further, in each interim directed graph for each interim directed graph, the directed graph generating portion can be by each directed walk the quantity of directed edge be no more than the mode of the quantity of the directed edge of long directed walk, replace the directed edge of forming each directed walk with shorter directed edge and generate directed graph.
Information process unit may further include the key generating portion, in order to generate the set key that is used for encrypted content or content key based on described directed graph.
In response to the input of the intermediate key t (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output corresponding to the set key k (S) of the subclass S corresponding with described coordinate points and be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).
In response to the input of the set key k (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., set key k (S1), the k (S2) of Sk ..., k (Sk).
Information process unit may further include initial intermediate key part is set, and is set to the intermediate key corresponding with the afterbody of each directed graph in order to given random number.
Information process unit may further include encryption section, comes decryption content or content key in order to use the set key.
Information process unit may further include translator unit, in order to respectively with the leaf node 1 to n (n is a natural number) of forming given binary tree in some or all relevant terminal units transmission by the interior perhaps content key of encryption section encryption.
Directed graph obtains the directed edge that part can be replaced interim directed graph by the mode that directed edge that will be shorter is placed towards the afterbody of each directed walk.
Information process unit may further include the subclass determining section, subclass by leaf node 1 to n is set to Si, the set (N R) of the terminal unit of the interior perhaps content key of encrypting by use set key is deciphered in definite permission, and definite satisfied (N R)=S1 ∪ S2 ∪ that gathers ... the m of ∪ Sm subclass S1 is to Sm.
The suspicious definite subclass S1 of subclass determining section to Sm so that minimize m.
Information process unit may further include translator unit, forms the information of the subclass S1 of set (N R) to Sm in order to information from indication set (N R) to terminal unit that transmit or indication.
Information process unit may further include decryption portion, comes decryption content or content key in order to use the set key.
Information process unit may further include receiving unit, and it is relevant with one or more leaf nodes 1 to n (n is a natural number) of forming given binary tree, receives the interior perhaps content key that uses the set secret key encryption.
By receiving unit receive encrypted in perhaps encrypted content key can decipher by one or more information process units, described one or more information process unit is relevant with leaf node as the element of S set, and described S set is included in the leaf node relevant with himself among the S set i of the subclass that is defined as leaf node 1 to n.
Further, in order overcoming the above problems, according to a further aspect in the invention, to provide terminal unit, to have comprised: the key generating portion generates the set key that is used for decryption content or content key based on directed graph.
Described directed graph by the terminal unit reference obtains as follows: configuration numbers 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, i≤j wherein, to gather (i → j) be defined as { { i}, { i, i+1}, ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv; First horizontal axis is set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and an interim coordinate points is held in place first to the 4th horizontal axis left end coordinate points the left side and be positioned at the right side of coordinate points of the right-hand member of second to the 4th horizontal axis, and the coordinate points that is positioned at the right-hand member of first horizontal axis is set to interim coordinate points, by given integer k is set, calculates and satisfy n
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and for each integer i=0 to x-1, have length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis, have length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis, for in first to the 4th horizontal axis each, get rid of and to have the afterbody that is positioned at interim coordinate points or all directed edges of head, and the directed edge of eliminating except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, generate respectively and set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, and by having length 1, the directed edge of head with coordinate points of the right-hand member that is positioned at first horizontal axis adds that (1 → n-1) relevant interim directed graph generates and gathers (1 → n) relevant interim directed graph with set to; Among the directed walk that forms by continuous directed edge, determine to have the longest directed walk of the maximum quantity of the directed edge of forming directed walk, and the quantity of the directed edge by each directed walk is no more than the mode of the quantity of the directed edge of long directed walk, replaces the directed edge of forming each directed walk with shorter directed edge.
As mentioned above, the encryption key distribution scheme of use intermediate key and set key enables the generation based on the distribution of the intermediate key of above-mentioned directed graph and set key, thus when deciphering the encrypted content of being distributed, under situation about not increasing for each user (terminal unit), can reduce the quantity of the key that will preserve by each user in order to the worst-case value of the required amount of calculation of generating solution decryption key.
Terminal unit may further include decryption portion, in order to use the set key decipher encrypted in perhaps encrypted content key.
In response to the input of the intermediate key t (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output corresponding to the set key k (S) of the subclass S corresponding with described coordinate points and be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).
In response to the input of the set key k (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., set key k (S1), the k (S2) of Sk ..., k (Sk).
Decryption portion is deciphered encrypted content key by using described set key, and uses through the content key of deciphering and decipher encrypted content.
Terminal unit further comprises the judgement part, judge based on received information whether described terminal unit belongs to subclass S1 any one in the Sm, and judge the deciphering that whether allows encrypted content based on result of determination, wherein the subset definition of leaf node 1 to n with tree is Si, and when the set of having determined to allow deciphering by the terminal unit of the content using described set key or described content key and encrypt (N R), determine satisfied (N the R)=S1 ∪ S2 of set ∪ ... the m of ∪ Sm subclass S1 is to Sm, and the information of set (N R) is indicated in reception or indicate composition to gather the information of the subclass S1 of (N R) to Sm.
When judging that described terminal unit belongs to subclass S1 any one in Sm, decryption portion by use with described terminal unit under the corresponding set key of subclass come decryption content or content key.
Further, in order to overcome the above problems, in accordance with a further aspect of the present invention, information processing method is provided, comprise: the directed graph obtaining step, in the interim directed graph of forming by many directed edges, obtain the directed graph that generates by at least one directed edge of replacing the described interim directed graph of composition with shorter directed edge; And key generates step, based on the directed graph that is obtained by described directed graph acquisition unit branch, generates and is used to encrypt or the set key of decryption content or content key.
Further, in order to overcome the above problems, in accordance with a further aspect of the present invention, information processing method is provided, numbering 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed in, wherein n is a natural number, and wherein among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, with the number definition of distributing to the leaf node that is positioned at left end is 1v, and the number definition that will distribute to the leaf node that is positioned at right-hand member is rv, for natural number i and j, i≤j wherein, suppose to gather (i → j) be expressed as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be expressed as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}}, first horizontal axis is set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, described information processing method comprises: the directed graph obtaining step, obtain the directed graph that generates by at least one directed edge of replacing the interim directed graph of composition with shorter directed edge, described interim directed graph is according to satisfying n for given integer k
(x-1)/k<(rv-1v+1)≤n
X/kNatural number x, have length n by on first to the 4th horizontal axis, arranging
I/kMany directed edges form, i=0 wherein, 1 ..., x-1; And key generates step, based on the directed graph that is obtained by described directed graph obtaining step, generates and is used to encrypt or the set key of decryption content or content key.
Further, in order to overcome the above problems, in accordance with a further aspect of the present invention, information process unit is provided, has comprised: tree structure is provided with step: configuration numbers 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, i≤j wherein will be by gathering (i → j) be defined as { { i}, i, i+1} ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv; Reference axis is provided with step: first horizontal axis is set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and an interim coordinate points is held in place first to the 4th horizontal axis left end coordinate points the left side and be positioned at the right side of coordinate points of the right-hand member of second to the 4th horizontal axis, and the coordinate points that is positioned at the right-hand member of first horizontal axis is set to interim coordinate points; Interim directed graph generates step: by given integer k is set, calculates and satisfy n
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and for each integer i=0 to x-1, have length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis, have length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis, for in first to the 4th horizontal axis each, get rid of and to have the afterbody that is positioned at interim coordinate points or all directed edges of head, and the directed edge of eliminating except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, generate respectively and set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, and by having length 1, the directed edge of head with coordinate points of the right-hand member that is positioned at first horizontal axis adds that (1 → n-1) relevant interim directed graph generates and gathers (1 → n) relevant interim directed graph with set to; The longest directed walk determining step among the directed walk that is formed by continuous directed edge, determines to have the longest directed walk of the maximum quantity of the directed edge of forming directed walk; And directed graph generates step, is no more than the mode of the quantity of the directed edge of long directed walk by the quantity with the directed edge of each directed walk, replaces the directed edge of forming each directed walk with shorter directed edge and generates directed graph.
As mentioned above, the encryption key distribution scheme of use intermediate key and set key enables the generation based on the distribution of the intermediate key of above-mentioned directed graph and set key, thus when deciphering the encrypted content of being distributed, under situation about not increasing for each user (terminal unit), can reduce the quantity of the key that will preserve by each user in order to the worst-case value of the required amount of calculation of generating solution decryption key.
Further, in order overcoming the above problems, according to a further aspect of the present invention, to provide key generation method, to have comprised: key generates step, generates the set key that is used for decryption content or content key based on directed graph.
The described directed graph that is used for key generation method obtains as follows: configuration numbers 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, i≤j wherein, to gather (i → j) be defined as { { i}, { i, i+1}, ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv; First horizontal axis is set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and an interim coordinate points is held in place first to the 4th horizontal axis left end coordinate points the left side and be positioned at the right side of coordinate points of the right-hand member of second to the 4th horizontal axis, and the coordinate points that is positioned at the right-hand member of first horizontal axis is set to interim coordinate points; By given integer k is set, calculates and satisfy n
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and for each integer i=0 to x-1, have length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis, have length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis, for in first to the 4th horizontal axis each, get rid of and to have the afterbody that is positioned at interim coordinate points or all directed edges of head, and the directed edge of eliminating except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, generate respectively and set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, and by having length 1, the directed edge of head with coordinate points of the right-hand member that is positioned at first horizontal axis adds that (1 → n-1) relevant interim directed graph generates and gathers (1 → n) relevant interim directed graph with set to; Among the directed walk that forms by continuous directed edge, determine to have the longest directed walk of the maximum quantity of the directed edge of forming directed walk, and the quantity of the directed edge by each directed walk is no more than the mode of the quantity of the directed edge of long directed walk, replaces the directed edge of forming each directed walk with shorter directed edge.
As mentioned above, the encryption key distribution scheme of use intermediate key and set key enables the generation based on the distribution of the intermediate key of above-mentioned directed graph and set key, thus when deciphering the encrypted content of being distributed, under situation about not increasing for each user (terminal unit), can reduce the quantity of the key that will preserve by each user in order to the worst-case value of the required amount of calculation of generating solution decryption key.
Further, in order to overcome the above problems, in accordance with a further aspect of the present invention, a kind of program is provided, and make computer carry out following function: tree structure is provided with function: configuration numbers 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, i≤j wherein will be by gathering (i → j) be defined as { { i}, i, i+1} ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv; Reference axis is provided with function: first horizontal axis is set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v-→ rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and an interim coordinate points is held in place first to the 4th horizontal axis left end coordinate points the left side and be positioned at the right side of coordinate points of the right-hand member of second to the 4th horizontal axis, and the coordinate points that is positioned at the right-hand member of first horizontal axis is set to interim coordinate points; Interim directed graph systematic function:, calculate and satisfy n by given integer k is set
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and for each integer i=0 to x-1, have length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis, have length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis, for in first to the 4th horizontal axis each, get rid of and to have the afterbody that is positioned at interim coordinate points or all directed edges of head, and the directed edge of eliminating except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, generate respectively and set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, and by having length 1, the directed edge of head with coordinate points of the right-hand member that is positioned at first horizontal axis adds that (1 → n-1) relevant interim directed graph generates and gathers (1 → n) relevant interim directed graph with set to; The longest directed walk is determined function, among the directed walk that is formed by continuous directed edge, determines to have the longest directed walk of the maximum quantity of the directed edge of forming directed walk; And the directed graph systematic function, be no more than the mode of the quantity of the directed edge of long directed walk by quantity with the directed edge of each directed walk, replace the directed edge of forming each directed walk with shorter directed edge and generate directed graph.
As mentioned above, the encryption key distribution scheme of use intermediate key and set key enables the generation based on the distribution of the intermediate key of above-mentioned directed graph and set key, thus when deciphering the encrypted content of being distributed, under situation about not increasing for each user (terminal unit), can reduce the quantity of the key that will preserve by each user in order to the worst-case value of the required amount of calculation of generating solution decryption key.
Further, in order to overcome the above problems, in accordance with a further aspect of the present invention, a kind of program is provided, make computer carry out following function: the key systematic function based on the directed graph that is obtained by described directed graph obtaining step, generates and to be used to encrypt or the set key of decryption content or content key.
Directed graph according to described program obtains as follows: configuration numbers 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, i≤j wherein, to gather (i → j) be defined as { { i}, { i, i+1}, ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv; First horizontal axis is set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and an interim coordinate points is held in place first to the 4th horizontal axis left end coordinate points the left side and be positioned at the right side of coordinate points of the right-hand member of second to the 4th horizontal axis, and the coordinate points that is positioned at the right-hand member of first horizontal axis is set to interim coordinate points; By given integer k is set, calculates and satisfy n
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and for each integer i=0 to x-1, have length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis, have length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis, for in first to the 4th horizontal axis each, get rid of and to have the afterbody that is positioned at interim coordinate points or all directed edges of head, and the directed edge of eliminating except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, generate respectively and set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, by having length 1, the directed edge of head with coordinate points of the right-hand member that is positioned at first horizontal axis adds to and set (1 → n-1) relevant interim directed graph, generate and gather (1 → n) relevant interim directed graph, among the directed walk that forms by continuous directed edge, determine to have the longest directed walk of the maximum quantity of the directed edge of forming directed walk, and among the directed walk that forms by continuous directed edge, determine to have the longest directed walk of the maximum quantity of the directed edge of forming directed walk, and the quantity of the directed edge by each directed walk is no more than the mode of the quantity of the directed edge of long directed walk, replaces the directed edge of forming each directed walk with shorter directed edge.
As mentioned above, the encryption key distribution scheme of use intermediate key and set key enables the generation based on the distribution of the intermediate key of above-mentioned directed graph and set key, thus when deciphering the encrypted content of being distributed, under situation about not increasing for each user (terminal unit), can reduce the quantity of the key that will preserve by each user in order to the worst-case value of the required amount of calculation of generating solution decryption key.
Further, in order to overcome the above problems, according to an aspect of the present invention, information process unit is provided, comprise: directed graph obtains part, in the interim directed graph of forming by many directed edges, obtain by keeping long directed edge among many directed edges of described interim directed graph and replace the directed graph that at least one directed edge that stays generates forming with shorter directed edge; And the key generating portion, based on the directed graph that obtains by described directed graph acquisition unit branch, generate and to be used to encrypt or the set key of decryption content or content key.
Further,, according to an aspect of the present invention, provide a kind of information process unit, satisfied n for given integer k in order to basis in order to overcome the above problems
(x-1)/k<(rv-1v+1)≤n
X/kNatural number x, handle by on the first and the 4th horizontal axis, arranging and have length n
I/kMany directed edges and the directed graph that forms, i=0 wherein, 1, ..., x-1 is numbering 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed in, wherein n is a natural number, and wherein at a plurality of leaf nodes that are arranged under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv, for natural number i and j, wherein i≤j, to gather (i → j) be defined as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1} ..., { j, j-1, ..., i+1, i}}; First horizontal axis is set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, described information process unit comprises: interim directed graph obtains part, obtains interim directed graph; The directed graph generating portion generates directed graph by keep long directed edge among many directed edges forming the described interim directed graph that is obtained by described interim directed graph acquisition unit branch; The longest directed walk determining section among many directed edges forming described directed graph, is determined the maximum quantity of continuous directed edge; Directed edge is replaced part, rebuild described directed graph by replacing at least one directed edge of forming described directed graph with shorter directed edge, so that be no more than the maximum quantity of continuous directed edge, and key generating portion, based on replacing the described directed graph that part is rebuild, generate the set key that is used for encrypted content or content key by described directed edge.
Further, in order to overcome the above problems, according to an aspect of the present invention, information process unit is provided, has comprised: tree structure is provided with part, and configuration numbers 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, wherein i≤j, by gathering (i → j) be defined as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, j, j-1} ..., { j, j-1 ..., i+1, i}}, at a plurality of leaf nodes that are arranged under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv; Reference axis is provided with part, in order to first horizontal axis to be set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and two interim coordinate points all be held in place the right side of coordinate points of right-hand member of the 3rd horizontal axis and the left side of coordinate points that is positioned at the left end of the second and the 4th horizontal axis; And the coordinate points that is positioned at the right-hand member of first horizontal axis is set to the first interim coordinate points, and the second interim coordinate points is placed on the right side of the described first interim coordinate points; Interim directed graph generating portion in order to by given integer k is set, is calculated and is satisfied n
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and for each integer i=0 to x-1, have length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis, have length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis, for in first to the 4th horizontal axis each, get rid of and to have the afterbody that is positioned at interim coordinate points or all directed edges of head, and the directed edge of eliminating except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, generate respectively and set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, and by having length 1, have the directed edge that is positioned at the head of the first interim coordinate points on first horizontal axis and add that (1 → n-1) relevant interim directed graph generates and gathers (1 → n) relevant interim directed graph with set to; The longest directed walk determining section among the directed walk that is formed by continuous directed edge, determines to have the longest directed walk of the maximum quantity of the directed edge of forming described directed walk; And the directed graph generating portion, the quantity of the directed edge by each directed walk is no more than the mode of the quantity of the directed edge of long directed walk, replaces the directed edge of forming each bar directed walk with shorter directed edge and generates directed graph.
As mentioned above, the encryption key distribution scheme of use intermediate key and set key enables the generation based on the distribution of the intermediate key of above-mentioned directed graph and set key, thus when deciphering the encrypted content of being distributed, under situation about not increasing for each user (terminal unit), can reduce the quantity of the key that will preserve by each user in order to the worst-case value of the required amount of calculation of generating solution decryption key.
With set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gathering (among the relevant interim directed graph of 1v → rv-1), the longest directed walk determining section can be determined the longest directed walk in each interim directed graph about not comprising each interim directed graph of the longest directed walk.Further, in each interim directed graph for each interim directed graph, the directed graph generating portion can be by each directed walk the quantity of directed edge be no more than the mode of the quantity of the directed edge of long directed walk, replace the directed edge of forming each directed walk with shorter directed edge.
Information process unit may further include the key generating portion, generates the set key that is used for encrypted content or content key based on directed graph.
In response to the input of the intermediate key t (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output corresponding to the set key k (S) of the subclass S corresponding with described coordinate points and be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).
In response to the input of the set key k (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., set key k (S1), the k (S2) of Sk ..., k (Sk).
Information process unit may further include encryption section, comes encrypted content or content key in order to use described set key.
Information process unit may further include translator unit, in order to respectively with the leaf node 1 to n of forming given binary tree in some or all relevant terminal units transmit interior perhaps content key by described encryption section encryption, wherein n is a natural number.
Directed graph obtains part can obtain the directed graph that the mode of placing towards the end points of each directed walk of being made up of continuous directed edge with directed edge that will be shorter is replaced directed edge.
Information process unit may further include the subclass determining section, in order to being Si by subset definition with leaf node 1 to n, determine to allow the set of deciphering by the terminal unit of the content using set key or content key and encrypt (N R), and definite satisfied set (N R)=S1 ∪ S2 ∪ ... the m of ∪ Sm subclass S1 is to Sm, so that minimize m.
Information process unit may further include translator unit, forms the information of the subclass S1 of set (N R) to Sm in order to information from indication set (N R) to described terminal unit that transmit or indication.
Information process unit may further include decryption portion, in order to by using described set key to come decryption content or content key.
Information process unit may further include receiving unit, and it is relevant with one or more leaf nodes 1 to n (n is a natural number) of forming given binary tree, in order to receive the interior perhaps content key by using described set key to encrypt.
By described receiving unit receive encrypted in perhaps encrypted content key can decipher by one or more information process units, described one or more information process unit is relevant with leaf node as the element of S set, and described S set is included in the leaf node relevant with himself among the S set i of the subclass that is defined as leaf node 1 to n.
Further, in order overcoming the above problems, according to a further aspect in the invention, to provide terminal unit, to have comprised: the key generating portion generates the set key that is used for decryption content or content key based on directed graph.Wherein said directed graph obtains as follows: configuration numbers 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, i≤j wherein, to gather (i → j) be defined as { { i}, { i, i+1}, ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv; First horizontal axis is set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and two interim coordinate points all be held in place the right side of coordinate points of right-hand member of the 3rd horizontal axis and the left side of coordinate points that is positioned at the left end of the second and the 4th horizontal axis; The coordinate points that is positioned at the right-hand member of first horizontal axis is set to the first interim coordinate points, and the second interim coordinate points is placed on the right side of the first interim coordinate points, by given integer k is set, calculates and satisfies n
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and for each integer i=0 to x-1, have length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis, have length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis, for in first to the 4th horizontal axis each, get rid of and to have the afterbody that is positioned at interim coordinate points or all directed edges of head, and the directed edge of eliminating except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, generate respectively and set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, by having length 1, the directed edge of head with coordinate points of the right-hand member that is positioned at first horizontal axis adds to and set (1 → n-1) relevant interim directed graph, generate and gather (1 → n) relevant interim directed graph, among the directed walk that forms by continuous directed edge, determine to have the longest directed walk of the maximum quantity of the directed edge of forming directed walk, and the quantity of the directed edge by each directed walk is no more than the mode of the quantity of the directed edge of long directed walk, replaces the directed edge of forming each directed walk with shorter directed edge.
As mentioned above, the encryption key distribution scheme of use intermediate key and set key enables the generation based on the distribution of the intermediate key of above-mentioned directed graph and set key, thus when deciphering the encrypted content of being distributed, under situation about not increasing for each user (terminal unit), can reduce the quantity of the key that will preserve by each user in order to the worst-case value of the required amount of calculation of generating solution decryption key.
In response to the input of the intermediate key t (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output corresponding to the set key k (S) of the subclass S corresponding with described coordinate points and be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).
In response to the input of the set key k (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., set key k (S1), the k (S2) of Sk ..., k (Sk).
Terminal unit may further include decryption portion, deciphers encrypted content key in order to use described set key, and uses through the content key of deciphering and decipher encrypted content.
Terminal unit may further include the judgement part, in order to judge based on received information whether described terminal unit belongs to subclass S1 any one in the Sm, and judge the deciphering that whether allows encrypted content based on result of determination, wherein the subset definition of leaf node 1 to n with tree is Si, and when the set of having determined to allow deciphering by the terminal unit of the content using described set key or described content key and encrypt (N R), determine satisfied (N the R)=S1 ∪ S2 of set ∪ ... the m of ∪ Sm subclass S1 is to Sm, and the information of set (N R) is indicated in reception or indicate composition to gather the information of the subclass S1 of (N R) to Sm.When judging that described terminal unit belongs to subclass S1 any one in Sm, described decryption portion use the set key corresponding with the affiliated subclass of described terminal unit decipher described in content key perhaps.
Further, in order to overcome the above problems, according to a further aspect in the invention, information processing method is provided, comprise: the directed graph obtaining step, in the interim directed graph of forming by many directed edges, obtain by keeping long directed edge among many directed edges of described interim directed graph and replace the directed graph that at least one directed edge that stays generates forming with shorter directed edge; And key generates step, based on the directed graph that is obtained by described directed graph obtaining step, generates and is used to encrypt or the set key of decryption content or content key.
Further,, according to a further aspect in the invention, provide information processing method, satisfied n for given integer k in order to basis in order to overcome the above problems
(x-1)/k<(rv-1v+1)≤n
X/kNatural number x, handle by on the first and the 4th horizontal axis, arranging and have length n
I/kMany directed edges and the directed graph that forms, i=0 wherein, 1, ..., x-1 is numbering 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed in, wherein n is a natural number, and wherein at a plurality of leaf nodes that are arranged under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv, for natural number i and j, wherein i≤j, to gather (i → j) be defined as { { i}, { i, i+1}, ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1} ..., { j, j-1, ..., i+1, i}}; First horizontal axis is set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, described information processing method comprises: interim directed graph obtaining step, obtain interim directed graph; Directed graph generates step, generates directed graph by keep long directed edge among many directed edges forming the described interim directed graph that is obtained by described interim directed graph obtaining step; The longest directed walk determining step among many directed edges forming described directed graph, is determined the maximum quantity of continuous directed edge; The directed edge replacement step, rebuild described directed graph by replacing at least one directed edge of forming described directed graph with shorter directed edge, so that be no more than the maximum quantity of continuous directed edge, and key generates step, based on the described directed graph of rebuilding by described directed edge replacement step, generate the set key that is used for encrypted content or content key.
Further, raise difficult questions for discussion for more than solving, in accordance with a further aspect of the present invention, information processing method is provided, has comprised: tree structure is provided with step: configuration is by distributed numbering 1 to n (n is a natural number) to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, and for natural number i and j, i≤j wherein will be by gathering (i → j) be defined as { { i}, { i, i+1} ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, j, j-1} ..., { j, j-1 ..., i+1, i}}, among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv; Reference axis is provided with step: first horizontal axis is set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and two interim coordinate points all are held in place the right side of coordinate points of right-hand member of the 3rd horizontal axis and the left side of coordinate points that is positioned at the left end of the second and the 4th horizontal axis, and the coordinate points that is positioned at the right-hand member of first horizontal axis is set to the first interim coordinate points, and the second interim coordinate points is placed on the right side of the first interim coordinate points; Interim directed graph generates step: by given integer k is set, calculates and satisfy n
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and for each integer i=0 to x-1, have length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis, have length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis, for in first to the 4th horizontal axis each, get rid of and to have the afterbody that is positioned at interim coordinate points or all directed edges of head, and the directed edge of eliminating except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, generate respectively and set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, and by having length 1, have the directed edge that is positioned at the head of the first interim coordinate points on first horizontal axis and add that (1 → n-1) relevant interim directed graph generates and gathers (1 → n) relevant interim directed graph with set to; The longest directed walk determining step among the directed walk that is formed by continuous directed edge, determines to have the longest directed walk of the maximum quantity of the directed edge of forming described directed walk; And directed graph generates step, and the quantity of the directed edge by each directed walk is no more than the mode of the quantity of the directed edge of long directed walk, replaces the directed edge of forming each directed walk with shorter directed edge and generates directed graph.
As mentioned above, the encryption key distribution scheme of use intermediate key and set key enables the generation based on the distribution of the intermediate key of above-mentioned directed graph and set key, thus when deciphering the encrypted content of being distributed, under situation about not increasing for each user (terminal unit), can reduce the quantity of the key that will preserve by each user in order to the worst-case value of the required amount of calculation of generating solution decryption key.
Further, in order overcoming the above problems, in accordance with a further aspect of the present invention, to provide key generation method, to have comprised: key generates step, generates the set key that is used for decryption content or content key based on directed graph.Described directed graph obtains as follows: configuration numbers 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, i≤j wherein, to gather (i → j) be defined as { { i}, { i, i+1}, ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv; First horizontal axis is set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and two interim coordinate points all be held in place the right side of coordinate points of right-hand member of the 3rd horizontal axis and the left side of coordinate points that is positioned at the left end of the second and the 4th horizontal axis; The coordinate points that is positioned at the right-hand member of first horizontal axis is set to the first interim coordinate points, and the second interim coordinate points is placed on the right side of the first interim coordinate points, by given integer k is set, calculates and satisfies n
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and for each integer i=0 to x-1, have length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis, have length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis, for in first to the 4th horizontal axis each, get rid of and to have the afterbody that is positioned at interim coordinate points or all directed edges of head, and the directed edge of eliminating except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, generate respectively and set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, by having length 1, the directed edge of head with coordinate points of the right-hand member that is positioned at first horizontal axis adds to and set (1 → n-1) relevant interim directed graph, generate and gather (1 → n) relevant interim directed graph, among the directed walk that forms by continuous directed edge, determine to have the longest directed walk of the maximum quantity of the directed edge of forming directed walk, and the quantity of the directed edge by each directed walk is no more than the mode of the quantity of the directed edge of long directed walk, replaces the directed edge of forming each directed walk with shorter directed edge.
As mentioned above, the encryption key distribution scheme of use intermediate key and set key enables the generation based on the distribution of the intermediate key of above-mentioned directed graph and set key, thus when deciphering the encrypted content of being distributed, under situation about not increasing for each user (terminal unit), can reduce the quantity of the key that will preserve by each user in order to the worst-case value of the required amount of calculation of generating solution decryption key.
Further, in order to overcome the above problems, in accordance with a further aspect of the present invention, a kind of program is provided, and make computer carry out following function: tree structure is provided with function: configuration numbers 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, wherein n is a natural number, and for natural number i and j, i≤j wherein will be by gathering (i → j) be defined as { { i}, i, i+1} ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv; Reference axis is provided with function: first horizontal axis is set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, two interim coordinate points all are held in place the right side of coordinate points of right-hand member of the 3rd horizontal axis and the left side of coordinate points that is positioned at the left end of the second and the 4th horizontal axis, and the coordinate points that is positioned at the right-hand member of first horizontal axis is set to the first interim coordinate points, and the second interim coordinate points is placed on the right side of the first interim coordinate points; Interim directed graph systematic function:, calculate and satisfy n by given integer k is set
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and for each integer i=0 to x-1, have length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis, have length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis, for in first to the 4th horizontal axis each, get rid of and to have the afterbody that is positioned at interim coordinate points or all directed edges of head, and the directed edge of eliminating except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, generate respectively and set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, and by having length 1, have the directed edge that is positioned at the head of the first interim coordinate points on first horizontal axis and add that (1 → n-1) relevant interim directed graph generates and gathers (1 → n) relevant interim directed graph with set to; The longest directed walk is determined function, among the directed walk that is formed by continuous directed edge, determines to have the longest directed walk of the maximum quantity of the directed edge of forming described directed walk; And the directed graph systematic function, the quantity of the directed edge by each directed walk is no more than the mode of the quantity of the directed edge of long directed walk, replaces the directed edge of forming each directed walk with shorter directed edge and generates directed graph.
As mentioned above, the encryption key distribution scheme of use intermediate key and set key enables the generation based on the distribution of the intermediate key of above-mentioned directed graph and set key, thus when deciphering the encrypted content of being distributed, under situation about not increasing for each user (terminal unit), can reduce the quantity of the key that will preserve by each user in order to the worst-case value of the required amount of calculation of generating solution decryption key.
Further,, in accordance with a further aspect of the present invention, provide a kind of program, made computer carry out the key systematic function, generated the set key that is used for decryption content or content key based on directed graph in order to overcome the above problems.Described directed graph obtains by following steps: configuration numbers 1 to n's by having distributed to it, n leaf node, root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, i≤j wherein, to gather (i → j) be defined as { { i}, { i, i+1}, ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv; First horizontal axis is set, described first horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 1 → n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, second horizontal axis is set, described second horizontal axis is relevant with root node, and have respectively that (subclass that comprises in 2 ← n) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, for each described intermediate node, the 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v → rv-1) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and the 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively that (subclass that comprises among the 1v+1 ← rv) is relevant with set, and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and two interim coordinate points all be held in place the right side of coordinate points of right-hand member of the 3rd horizontal axis and the left side of coordinate points that is positioned at the left end of the second and the 4th horizontal axis; The coordinate points that is positioned at the right-hand member of first horizontal axis is set to the first interim coordinate points, and the second interim coordinate points is placed on the right side of the first interim coordinate points, by given integer k is set, calculates and satisfies n
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and for each integer i=0 to x-1, have length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis, have length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis, for in first to the 4th horizontal axis each, get rid of and to have the afterbody that is positioned at interim coordinate points or all directed edges of head, and the directed edge of eliminating except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis, generate respectively and set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, by having length 1, the directed edge of head with coordinate points of the right-hand member that is positioned at first horizontal axis adds to and set (1 → n-1) relevant interim directed graph, generate and gather (1 → n) relevant interim directed graph, among the directed walk that forms by continuous directed edge, determine to have the longest directed walk of the maximum quantity of the directed edge of forming directed walk, and the quantity of the directed edge by each directed walk is no more than the mode of the quantity of the directed edge of long directed walk, replaces the directed edge of forming each directed walk with shorter directed edge.
As mentioned above, the encryption key distribution scheme of use intermediate key and set key enables the generation based on the distribution of the intermediate key of above-mentioned directed graph and set key, thus when deciphering the encrypted content of being distributed, under situation about not increasing for each user (terminal unit), can reduce the quantity of the key that will preserve by each user in order to the worst-case value of the required amount of calculation of generating solution decryption key.
Therefore, by using above technology, new, improved information process unit, terminal unit, information processing method, key generation method and program can be provided, the number of keys that it can hold minimizing to be preserved by terminal unit the recipient, and can reduce and be used for the required amount of calculation of derived cipher key.
Advantage of the present invention
As described in hereinbefore, according to the present invention, the number of keys that can hold minimizing to preserve by terminal unit the recipient.
Description of drawings
Fig. 1 shows the key diagram of encryption key distribution according to an embodiment of the invention system;
Fig. 2 shows the block diagram according to the configuration of the key distribution server of described embodiment and receiver;
Fig. 3 shows the key diagram according to the binary tree structure of basic scheme;
Fig. 4 shows the key diagram according to the directed graph of basic scheme;
Fig. 5 shows the flow chart according to the directed graph computational methods of basic scheme;
Fig. 6 shows the flow chart according to the intermediate key distribution method of basic scheme;
Fig. 7 shows the flow chart according to the set key generation method of basic scheme;
Fig. 8 shows the block diagram according to the configuration of the key distribution server of the first embodiment of the present invention and terminal unit;
Fig. 9 shows the key diagram according to the basic design of the oriented drawing generating method of described embodiment;
Figure 10 shows the flow chart according to the oriented drawing generating method of described embodiment;
Figure 11 shows the flow chart according to (temporarily) oriented drawing generating method of described embodiment;
Figure 12 shows the flow chart of the oriented drawing generating method (LP determines) according to described embodiment;
Figure 13 shows the flow chart of the oriented drawing generating method (PLP determines) according to described embodiment;
Figure 14 shows the flow chart according to the oriented drawing generating method of described embodiment;
Figure 15 shows the key diagram according to an example (k=6) of the directed graph of described embodiment;
Figure 16 shows the key diagram according to an example (k=3) of the directed graph of basic scheme;
Figure 17 shows the key diagram according to an example (k=3) of the directed graph of described embodiment;
Figure 18 shows basic scheme and according to the comparison sheet of the comparison between the cipher key distribution scheme of described embodiment;
Figure 19 show according to a second embodiment of the present invention information process unit and the block diagram of the configuration of terminal unit;
Figure 20 shows the flow chart according to the interim oriented drawing generating method of described embodiment;
Figure 21 shows the key diagram according to an example (k=6) of the interim directed graph of described embodiment;
Figure 22 shows the flow chart according to the summary of the oriented drawing generating method of described embodiment;
Figure 23 shows the flow chart of the oriented drawing generating method (LP determines) according to described embodiment;
Figure 24 shows the flow chart of the oriented drawing generating method (PLP determines) according to described embodiment;
Figure 25 shows the flow chart according to the oriented drawing generating method of described embodiment;
Figure 26 shows the key diagram according to an example (k=6) of the directed graph of described embodiment;
Figure 27 shows basic scheme and according to the comparison sheet of the comparison between the cipher key distribution scheme of described embodiment;
Figure 28 shows the key diagram of an application of encryption key distribution according to an embodiment of the invention system; And
Figure 29 shows the key diagram of an application of encryption key distribution according to an embodiment of the invention system.
Description of reference numerals
100 encryption key distribution systems
102 key distribution servers
104 tree structures are provided with part
106 reference axis are provided with part
108 interim directed graph generating portions
110 directed graph generating portions
112 initial intermediate key are provided with part
114 key generating portions
116 encryption sections
118 translator units
120 subclass determining sections
122 terminal units
124 receiving units
126 judge part
128 key generating portions
130 decryption portion
202 controllers
204 processing units
206 input/output interfaces
208 safe storage parts
210 main memory portion
212 network interfaces
216 media interfaces
218 information mediums
152 key distribution servers
154 tree structures are provided with part
156 reference axis are provided with part
158 interim directed graph generating portions
160 directed graph generating portions
162 initial intermediate key are provided with part
164 key generating portions
166 encryption sections
168 translator units
170 subclass determining sections
172 terminal units
174 receiving units
176 judge part
178 key generating portions
180 decryption portion
Embodiment
Hereinafter, describe the preferred embodiments of the present invention with reference to the accompanying drawings in detail.Notice that in this specification and accompanying drawing, the element with substantially the same function and configuration is represented with identical Reference numeral, and omitted the explanation of its repetition.Although for purpose of description is write subscript with normal font in some parts, the identical thing of its expression.For example, note BTR and BT
RRepresent identical thing.
<the first embodiment 〉
[configuration of encryption key distribution system 100]
Hereinafter, description is according to the configuration of the encryption key distribution system 100 of the first embodiment of the present invention.Fig. 1 shows the key diagram according to the configuration of the encryption key distribution system 100 of described embodiment.
With reference to Fig. 1, encryption key distribution system 100 comprises: key distribution server 102 is configured to the example according to the information process unit of described embodiment; A plurality of terminal units 122, it is owned by a plurality of users respectively; And network, it is connected key distribution server 102 with terminal unit 122.
Above-mentioned network be connect key distribution server 102 with terminal unit 122 so that allow the communication network of duplex communication or single-channel communication.By the public network such as internet, telephone line network, satellite communication network and broadcast channel, such as WAN (wide area network, Wide Area Network), LAN (local area network (LAN), Local Area Network), IP-VPN (Internet Protocol Virtual Private Network, InternetProtocol-Virtual Private Network) and this network of configuration such as the leased line network of WLAN and so on, for example wired or wireless.
By configuring cipher key Distributors 102 such as computer unit, and can transmit various information to external unit by network with server capability.For example, key distribution server 102 can generate encryption key with broadcast encryption scheme, and to terminal unit 122 distribute cryptographic keys.Further, be equipped with as the function that the content distributing server of content distribution service (as video distribution service and electronic music distribution services) is provided according to the key distribution server 102 of present embodiment, and it can be to terminal unit 122 distributing contents.Certainly, key distribution server 102 and the content distributing server unit that can be configured to separate.
For example, described content can be any content-data such as the video content that is assembled by moving image or rest image (as video, TV programme, video frequency program and chart), audio content (as music, lecture and program of radio station), game content, document content, software.Video content not only can comprise video data, can also comprise voice data.
The pseudorandom number generator that is used to generate content key is export the long unit or the program of pseudo-random number sequence at interval by the given seed (seed value) of input, and uses the logic such as linear congruential method or its Saite of horse rotate (Mersenne Twister) method to realize usually.Can be applicable to current being not limited thereto of pseudorandom number generator of present embodiment, and use other logics can generate pseudo random number, perhaps it can be the unit or the program that can generate the pseudo-random number sequence that comprises specific information or condition.
Further, according to the key distribution server 102 of present embodiment encrypted content not only, encrypted content key also, and it is distributed.Really, encryption and distributing contents have been guaranteed level of security to a certain degree.Yet, in order among a large number of users, to handle licensed adding and deletion neatly with user's (being called " permitted user " hereinafter) of the power of using content, encrypted content key and be more favourable with the method that it is distributed.In this case, in this embodiment, key distribution server 102 at first generates a plurality of set keys that are used for the encryption and decryption content key.A plurality of set keys a plurality of subclass with the permitted user that extracts from a large number of users respectively are relevant, as described in the back.Specifically, key distribution server 102 uses the set key that the set of being arranged to have only permitted user just can decrypted content keys to come encrypted content key, and to all users' the encrypted content key of terminal unit 122 distributions.In this configuration, only the terminal unit 122 of permitted user can be deciphered encrypted content key, then by using content key to decipher encrypted content, makes content visual etc. thus.Under the situation that the set of permitted user changes, key distribution server 102 can be handled described change by changing the set key that will be used for encrypted content key.In order to set up above encryption key distribution logic, necessary configuring cipher key Distributor 102 etc. are so that realize the algorithm relevant with distribution with the generation of set key.
Hereinafter, exemplary hardware arrangement according to the configuration of the key distribution server 102 of present embodiment and terminal unit 122 is at first described.Secondly, describe and the basic fundamental relevant according to the encryption key distribution logic of present embodiment.The 3rd, describe configuration in detail, and describe particularly and the difference of basic fundamental on configuration and effect according to the key distribution server 102 and the terminal unit 122 of present embodiment.At last, description is according to the application of the encryption key distribution system of present embodiment.
[hardware configuration of key distribution server 102 and terminal unit 122]
At first, the exemplary hardware arrangement according to the key distribution server 102 and the terminal unit 122 of present embodiment is described hereinafter with reference to Fig. 2.Fig. 2 shows the example that can carry out according to the hardware configuration of the function of the key distribution server 102 of present embodiment and terminal unit 122.
For example, key distribution server 102 and terminal unit 122 comprise controller 202, processing unit 204, input/output interface 206, safe storage part 208, main memory portion 210, network interface 212 and media interface 216.
(controller 202)
Controller 202 is connected to other elements by bus, and it is mainly in order to control each part of described unit based on program stored and data in main memory portion 210.Can come Configuration Control Unit 202 by the processing unit such as CPU (CPU).
(processing unit 204 (key distribution server 102))
For example, the processing unit 204 that comprises in the key distribution server 102 generation and being used to that can carry out encryption, the set key of encryption, the content key of content generates the derivation of the intermediate key of set key.Thus, processing unit 204 can be used as based on the pseudorandom number generator of generating pseudo random number for given data (seed etc.), and processing unit 204 can also be based on given algorithm encrypted content or content key.Can with given algorithm as by the readable procedure stores of processing unit 204 in main memory portion 210.Further, can be in main memory portion 210 or safe storage part 208 with given information stores.The output result that processing unit 204 is handled more than can writing down in main memory portion 210 or safe storage part 208 and carrying out.Can be come configuration process unit 204 by the processing unit such as CPU, perhaps processing unit 204 can integrally form with above-mentioned controller 202.
(processing unit 204 (terminal unit 122))
On the other hand, for example, the generation and being used to that the processing unit 204 that comprises in the terminal unit 122 can be carried out deciphering, the set key of deciphering, the content key of content generates the generation of the intermediate key of set key.Thus, processing unit 204 can be used as based on the pseudorandom number generator of generating pseudo random number for given data (seed etc.), and processing unit 204 can also be based on given algorithm decryption content or content key.Can with given algorithm as by the readable procedure stores of processing unit 204 in main memory portion 210.Further, can be in main memory portion 210 or safe storage part 208 with given information stores.Processing unit 204 can be recorded in and carry out the above output result who handles in main memory portion 210 or the safe storage part 208.Can be come configuration process unit 204 by the processing unit such as CPU, perhaps processing unit 204 can integrally form with above-mentioned controller 202.
(input/output interface 206)
Input/output interface 206 mainly is connected to the input equipment that is used for user's input information and in order to the result of output content or the output equipment of description.For example, input equipment can be keyboard, mouse, trace ball, felt pen, keypad, touch pad etc., and it can be via the wired or wireless input/output interface 206 that is connected to.In some cases, input equipment can be the portable electric appts (as cell phone or PDA (personal digital assistant)) via wired or wireless connection.On the other hand, for example, output equipment can be display unit (as display), audio output apparatus (as loud speaker) etc., and it can be via the wired or wireless input/output interface 206 that is connected to.Input-output apparatus can be built in key distribution server 102 or the terminal unit 122 or be integrated with key distribution server 102 or terminal unit 122.
Input/output interface 206 is connected to other elements by bus, and it can be to the information of transmission such as main memory portion 210 via input/output interface 206 inputs.On the contrary, input/output interface 206 can to output equipment output in main memory portion 210 grades canned data, via the information of inputs such as network interface 212 or the result that obtains by these information of processing in processing unit 204 etc.
(safe storage part 208)
Safe storage part 208 is mainly stored the information that cache needs safely, as content key, set key and intermediate key.For example, can wait by magnetic cell (as hard disk), optical storage unit (as CD), magneto-optic memory cell, semiconductor memory cell and dispose safe storage part 208.Further, for example, can dispose safe storage part 208 by anti-interference (tamper-resistant) memory cell.
(main memory portion 210)
For example, main memory portion 210 can store control program, the encipheror that is used for encrypted content, content key etc., the decrypted program that is used to decipher encrypted content, content key etc. that are used to control other elements, be used to generate the key generator of set key or intermediate key etc.Further, main memory portion 210 can be temporarily or is for good and all stored information from the result of calculation of processing unit 204 output or storage from inputs such as input/output interface 206, network interface 212, media interfaces 216.For example, can wait by magnetic cell (as hard disk), optical storage unit (as CD), magneto-optic memory cell, semiconductor memory cell and dispose main memory portion 210.Further, main memory portion 210 can integrally form with safe storage part 208.
(network interface 212)
For example, network interface 212 is connected to another communication unit on the network etc., and for example, it is to be used to transmit and to receive such as the interface arrangement of the information of content key, set key and intermediate key, the parameter information relevant with encryption and the information relevant with the set of permitted user perhaps in encrypted.Network interface 212 is connected to other elements by bus, and it can transmit the information that the external unit from the network receives to other elements, and perhaps the external unit on network transmits the information of being preserved by other elements.
(media interface 216)
Media interface 216 is to be used for coming the interface of read and write information by link information medium 218 removably, and it is connected to other elements by bus.For example, media interface 216 can be from information medium 218 read messages that connected, and send it to other elements, perhaps the information writing information medium 218 that will provide from other elements.For example, information medium 218 can be such as CD, disk and semiconductor memory portable storage media (removable storage media), under not by the situation of network in short relatively distance via the medium of the wired or wireless information terminal that is connected etc.
In preamble, the example that can realize according to the hardware configuration of the function of the key distribution server 102 of present embodiment and terminal unit 122 has been described.By using general purpose module to be configured in the element each, perhaps can be configured to each in the element by the hardware of the function that is exclusively used in each element.When carrying out present embodiment,, can change the hardware configuration that to use suitably thus according to technical merit.Further, above-mentioned hardware configuration is an example only, and it is not limited thereto certainly.For example, Configuration Control Unit 202 and processing unit 204 can be come, and safe storage part 208 and main memory portion 210 can be disposed by identical memory cell by identical processing unit.Further, decide on using, the configuration of cancellation media interface 216, input/output interface 206 etc. is feasible.Hereinafter, describe the encryption key distribution scheme that realizes by key distribution server 102 with above-mentioned hardware configuration and terminal unit 122 in detail.
[according to the encryption key distribution scheme of basic fundamental]
Before the detailed description that provides according to the encryption key distribution scheme of present embodiment, the technical problem on the basis that is formed for realizing present embodiment is described hereinafter.The configuration present embodiment is so that obtain how significant advantage by adding to improve to following basic fundamental.Therefore, be the feature of present embodiment with improving relevant technology.Thus, follow the basic design of described technical problem hereinafter although be noted that present embodiment, the essence of present embodiment has been merged in improved part, and configuration is visibly different, but also exists and the obvious difference of basic fundamental on advantage.
The encryption key distribution scheme according to basic fundamental that will be described below is called basic scheme.Basic scheme will be divided into a plurality of subclass to the set of the user's of its distributing contents terminal unit, come encrypted content key by the set key that is assigned to each subclass then, and it is distributed.Basic scheme provide be used to solve about to select which subclass, how to generate the set key and how the distribution set key so as to reduce the traffic that is used for encryption key distribution, the quantity of the decruption key that will be preserved by each user, each user is in order to a kind of means of the required problems such as amount of calculation of generating solution decryption key.To Fig. 7, basic scheme is described hereinafter with reference to Fig. 3.
(setting of tree structure)
In basic scheme, will regard as the set that content is distributed the terminal unit (user) of target and be divided into a plurality of subclass.With reference to Fig. 3, a kind of mode according to the basic scheme dividing subset is described hereinafter.Although the mode of dividing subset is current a kind of incessantly, in basic scheme, adopt the mode of utilizing the binary tree dividing subset.Schematically, basic scheme is considered the position relation between the node, distributes a given subclass to each node that forms binary tree, selects user's subclass thus widely with given combination, as being discussed in more detail below.Example by binary tree shown in Figure 3 will more be expressly understood the advantage of this system of selection.With reference to Fig. 3, the method that makes up binary tree is described hereinafter.
At first, the sets definition that uses in the following description is as follows.
The set N={1 of-all terminal units (user), 2 ..., n} (n is 2 power)
For natural number i and j (i≤j):
-[i,j]={i,i+1,i+2,...,j}
-(i→i)=(i←i)={{i}}
-(i→j)={{i},{i,i+1},...,{i,i+1,...,j}}
={[i,i],[i,i+1],[i,i+2],...,[i,j]}
-(i←j)={{j},{j,j-1},...,{j,j-1,...,i}}
=[j,j],[j-1,j],[j-2,j],...,[i,j]}
Hereinafter, the node that will be positioned at the bottom of binary tree (BT) is called leaf node, and the node that will be positioned at the top is called root node, and will be called intermediate node at the node between root node and the leaf node.Leaf node is corresponding with each terminal unit.Further, for the convenience of describing, it is corresponding one by one to suppose that hereinafter terminal unit and user are in, and represents " terminal unit " relevant with leaf node by word " user " in some cases.Fig. 3 shows the example of quantity n=64 of the leaf node of BT.
At first, be that the mode of n (=64) is created BT with the quantity of leaf node.Then, from left to right to each leaf node distribute numbering 1,2 ..., n.
Then, definition is used for adjusting index 1v and the rv that (regulate) will distribute to the subclass of certain intermediate node v.Among the leaf node that is positioned at below certain intermediate node v, be 1v with the number definition of distributing to leftmost side leaf node, and the number definition that will distribute to rightmost side leaf node is rv.Notice that v can be a serial number of distributing to each intermediate node.Thus, intermediate node v indication has the intermediate node of the BT of index v.
Then, be categorized as the intermediate node that two set define BT by intermediate node with BT.Among the intermediate node of BT, the sets definition that will be positioned at the intermediate node in father node left side is BTL, and the sets definition that will be positioned at the intermediate node on father node right side is BTR.The hierarchical relational of the node that set membership as referred to herein indication connects on BT, and it means that father node is positioned at the upper strata and child node is positioned at the relation of lower floor.
Further, the root node of the subclass of the user set relevant with each leaf node and BT is relevant.At first, will gather (1 → n) and set (2 ← n) are associated with root node.Because all leaf nodes all connect in the lower floor of root node, therefore represent root node by the set that comprises those leaf nodes widely or optionally.Specifically, will gather (1 → 64) and the set (2 ← 64) be associated with the root node of Fig. 3.For example, consider set (1 → 64).Set (1 → 64) comprise subclass [1,1], [1,2] ..., [1,64] as its element.For example,, can use subclass [1,64], and it is used as the element of set (1 → 64) and comprises in order to represent all users (leaf node).Further, in order to represent can to use subclass [1,15] and [17,64] except having numbering all users 16, and it is used as set (1 → 64) respectively and gathers the element of (2 ← 64) and comprise.By this way, the combination that is positioned at the leaf node (user) of the lower floor of root node can be represented by the subclass of the set that is associated.
Then, the subclass with user's set is associated with the intermediate node of BT.At first, will gather (1v+1 ← rv) be associated with the intermediate node v that belongs to above-mentioned set B TL.On the other hand, will gather (1v → rv-1) be associated with the intermediate node v that belongs to above-mentioned set B TR.Certainly, these set are associated with all intermediate node v of BT.With reference to Fig. 3, near each intermediate node, indicate these set.For example, about with the intermediate node that is associated of set (2 ← 4), two intermediate nodes that are associated with set (2 ← 2) and set (3 → 3) are present in the lower floor of described intermediate node respectively, and have and number 1 to 4 leaf node and further be connected to it.When the combination of those leaf nodes of expression except having numbering 3, can represent by the group { [1,1], [2,2], [4,4] } or { [1,2], [4,4] } of subclass.Though when subclass [1,1] and [1,2] were the element of the set (1 → 64) relevant with root node, subclass [2,2] and [4,4] were respectively set (2 ← 2) and gather the element of (2 ← 4).
By this way, basic scheme has defined the subclass of user's set by using binary tree BT.This method makes it possible to represent with various combinations user's subclass.To be called aggregation system Φ by the complete or collected works that those subclass are formed, and it will be defined as following expression (1).Thus, following expression (1) is represented the binary tree by above method structure on mathematics.
[expression formula 1]
The method of the binary tree of configuration adjustment subclass has been described hereinbefore.The basic design of basic scheme is the set key that is provided for encrypted content key for each subclass, comes encrypted content key by using each set key, and it is distributed to all users.By defining aforesaid subclass, adjusted at least a kind of mode of the combination that is used for sorted users.Hereinafter, describe by using these subclass to generate the algorithm of set key.
(oriented map generalization)
With reference to Fig. 4 the method for directed graph that expression is used to generate the algorithm of set key that generates is described hereinafter.Yet, before this, describe hereinafter and be used for the set key of encrypted content key and the relation that is used to generate between the intermediate key of gathering key.
As mentioning briefly in the above, basic scheme is used the specific pseudo-random number generator PRSG (pseudo-random sequence generator) that generates the set key.When the input intermediate key t (S0) corresponding with certain subclass S0, PRSG export the set key k (S0) corresponding with subclass S0 and with subclass S1, S2 ..., intermediate key t (S1), t (S2) that Sk (it is relevant with subclass S0) is corresponding ..., t (Sk).Certainly, S set 0 and S1, S2 ..., Sk is the random subset that constitutes aggregation system Φ.Thus, PRSG is the key generation unit.The feature of basic scheme is to adjust the logic that concerns between the input and output of PRSG.Describe to adjust hereinafter S set 0 and S set 1, S2 ..., the directed graph that concerns between the Sk.
The symbol definition that will be used for following description is as follows:
-the intermediate key corresponding: t (Si) with subclass Si
-set the key corresponding: k (Si) with subclass Si
-content key: mek
-pseudorandom number generator: PRSG
(note, the input of t (S0) is expressed as PRSG (t (S0)).On the other hand, will be expressed as t (S1) ‖ from the output of PRSG ... ‖ t (Sk) ‖ k (S0) ← PRSG (t (S0)))
-directed graph: H
(note, will (directed graph that i ← j) is corresponding be expressed as H (i ← j)) with set
-directed edge: E
-directed walk: P
At first, determine parameter k (k is a natural number).In order to simplify, suppose k|log (n) (hereinafter, the truth of a matter of log is 2) in this example.Because therefore the quantity of the intermediate key that the final influence of parameter k will be preserved by terminal unit 122 and generate the required amount of calculation of set key must according to circumstances be provided with parameter k suitably.In Fig. 4, for example, k=6 is set.
Then, the ad hoc fashion of drawing directed graph is described hereinafter.At first, as diagram, the directed graph H corresponding with the intermediate node v that belongs to BTR (1v → rv-1) is described.
(step 1) is provided for making up the directed graph H (horizontal axis of 1v → rv-1).On horizontal axis, (the subclass Si of the element of 1v → rv-1) distributes as coordinate points will to form set.Become big mode from left to right with degree of comprising and arrange the subclass Si that forms coordinate points.For example, adopt directed graph H (5 → 7)=H ({ [5,5], [5,6], [5,7] }) as example, reference axis has from the left side three coordinate points of sequentially having distributed subclass [5,5], [5,6], [5,7] to it.
If the vertical line that starting point was positioned at of dextrad directed graph H is x on the first and the 3rd horizontal axis, then [x is represented in the crosspoint of directed graph H and vertical line y, y], if and the vertical line that starting point was positioned at of left-hand directed graph H is z on the second and the 4th horizontal axis, then [y, z] represented in the crosspoint of directed graph H and vertical line y.
After this, the left side of the coordinate points that is positioned at the reference axis leftmost side will be placed, and the right side of the coordinate points that is positioned at the reference axis rightmost side will be placed as the interim coordinate points of terminal point as the interim coordinate points of starting point.In the reference axis that is provided with by this way, the length L v from the interim coordinate points (starting point) of left end to the interim coordinate points (terminal point) of right-hand member is Lv=rv-1v+ 1.
(step 2) is provided with and constitutes the directed graph H (directed edge of 1v → rv-1).
(S2-1) n is satisfied in calculating
(x-1)/k<Lv≤n
X/kInteger x.Integer x satisfies 1≤x≤k.
(S2-2) carry out following operation by changing counting i from 0 to x-1.Begin from the starting point of the left end of horizontal axis, repeat to be provided with and extend to range coordinate point n
I/kThe dextrad directed edge of coordinate points (jump to range coordinate point n
I/kCoordinate points) till the head of directed edge is up to the standard the terminal point or a overstep of end point that next is to be provided with of right-hand member of reference axis.
(step 3) deletes its tail or head is positioned at all directed edges of interim coordinate points.
If (there are a plurality of directed edges that reach certain coordinate points in step 4), then only stays the longest directed edge, and deletion all directed edges except the longest described directed edge.
(step 1) is to (after the step 4), having finished directed graph H (1v → rv-1) having carried out above step.For example, reference is positioned at as the top of Fig. 4 of example and plays the 3rd layer of directed graph H (33 → 63) that goes up the right side, one group of line that the essence of directed graph H (33 → 63) is made up of the directed edge of the straight line that also extends in a horizontal direction as an ogive curve and an end that is connected to ogive curve.Further, constituting directed graph H (33 → 63) curve and straight line is directed edge.One end of directed edge and the crosspoint of vertical line are coordinate points.Although be not clearly shown that horizontal axis in Fig. 4, horizontal axis is made up of one group of crosspoint between the end of vertical line and directed edge.Further, on directed graph H (33 → 63), described outlined arrow, and the direction of its indication directed edge.Specifically, its represents that all directed edges that constitute directed graph H (33 → 63) are to the right.
So that (mode that 1v → rv-1) is identical, the directed graph H that is associated with the intermediate node v that belongs to BTL is set, and (1v+1 ← rv) and the directed graph H that is associated with root node (1 → n) and H (2 ← n) with directed graph H.Notice that (1v+1 ← rv) and H (during 2 ← n) reference axis, become big mode from right to left with degree of comprising and arrange subclass Si on horizontal axis, and the direction of directed edge are left when directed graph H is set.Further, by directed edge E ([1, n-1], [1, n]) is added to directed graph H (1 → n-1), generate directed graph H (1 → n).On the other hand, by (method of 1v+1 ← rv) identical is provided with directed graph H (2 ← n) with directed graph H.
Directed graph H (1 → 64) by adopting Fig. 4 provides supplemental instruction hereinafter as example.At first, in the horizontal axis of directed graph H (1 → 64), leftmost side coordinate points (with the crosspoint of vertical line 1) be [1,1]=1}, near the coordinate points its right side (with the crosspoint of vertical line 2) is [1,2]={ 1,2}, and near the coordinate points its right side is [1,3]={ 1 again, 2,3}.Further, the arrow indication of tight top of each directed graph or tight below constitutes the direction of all directed edges of this directed graph H.For example, directed graph H (1 → 64) has a directed edge from coordinate points [1,1] to [1,2] and two directed edges that extend to [1,3] and [1,4] from coordinate points [1,2].Further, the stain of describing at the top of Fig. 4 represent respectively from the left side directed graph H (2 → 2), H (3 → 3) ..., H (63 → 63).
The method of configuration directed graph H has been described hereinbefore.Fig. 4 shows the result who draws the directed graph H corresponding with the intermediate node of BT and root node by said method.This example is the situation of n=64 and k=6.Describe hereinafter by using directed graph H to generate the logic of set key.
(generation of set key)
As described above, the set key k (Si) that basic scheme is distributed to each the subclass Si that forms above aggregation system Φ by use comes encrypted content key mek, and it is distributed.Thus, each coordinate points of above-mentioned directed graph H is all corresponding with the subclass Si that is made up of one or more users, and distributes set key k (Si) to it.Further, also intermediate key t (Si) is distributed to above-mentioned each subclass Si, and use it for to generate and gather key k (Si).
Incidentally, because number of repetition is x in the above-mentioned processing of (2-2), 1≤x≤k wherein, therefore k bar directed edges are derived from each coordinate points of directed graph H at most.As be derived from one of certain coordinate points (subclass S0) or more than the subclass of the coordinate points of the destination of a directed edge be with the degree of approach to certain coordinate points be order (the short degree with directed edge is an order) S1, S2 ..., Sk.Note, if be derived from the quantity of the directed edge of coordinate points (subclass S0) be q (q<k), then with Sq+1, Sq+2 ..., Sk treats as dummy argument (dummy), in fact do not use them.
Basic scheme is used in response to the input of λ position and is exported the above-mentioned PRSG of (k+1) λ position output, so that generate set key k (Si).If import the intermediate key t (S0) corresponding with certain coordinate points (subclass S0), then each coordinate points of PRSG output and the head of the directed edge that is positioned at certain coordinate points at its afterbody (subclass S1, S2 ..., Sk) corresponding intermediate key t (S1), t (S2) ..., t (Sk) and for the set key k (S0) of subclass S0.Thus, t (S1) ‖ ... ‖ t (Sk) ‖ k (S0) ← PRSG (t (S0)).By the output of PRSG is demarcated from the left side to each all has the λ position, obtained intermediate key t (S1), t (S2) ..., t (Sk) and gather key k (S0).
For example, with reference to the directed graph H (1 → 64) of Fig. 4, and be primarily focused on coordinate points (subclass S0)=[1,8] (from the 8th coordinate points of left end), article four, directed edge is derived from coordinate points S0, its head be positioned at S1=[1,9], S2=[1,10], S3=[1,12] and S4=[1,16].Therefore, if intermediate key t (S0) is input to PRSG, then can obtain k (S0), t (S1), t (S2), t (S3) and t (S4).Further, if the t (S4) that is obtained is input to PRSG, then can obtain and S11=[1,7], S12=[1,18], S13=[1,20], S14=[1,24] and S15=[1,32] corresponding k (S4) and t (S11), t (S12), t (S13), t (S14) and t (S15).By this way, can calculate a plurality of set key k (Si) by repeatedly using PRSG.
For the purpose that improves fail safe is used intermediate key.Need not pay close attention to especially under the situation of fail safe simultaneously exist reducing the demand that is used to gather the treating capacity that key generates, is feasible from another set key of certain set cipher key calculation directly under the situation of not using intermediate key.For example, in above example, the output when to the set key k (S0) of PRSG input subclass S0 can be k (S1), k (S2), k (S3) and k (S4), and it is used as the set key of each subclass S1 to S4.
As inferring easily from above example, utilize certain intermediate key, by the repeated use of PRSG, can derive intermediate key corresponding and set key with the accessible coordinate points of oriented side chain, described oriented side chain extends from the coordinate points corresponding with certain intermediate key.Therefore, each user only need preserve the intermediate key of minimum number, and it can derive all intermediate key corresponding with the subclass that comprises the user.On the other hand, at least preserve the intermediate key corresponding if generate the key distribution server of the set key that is used for encrypted content key with the initial coordinate point of each directed graph H, then, can derive the set key corresponding with other coordinate points of directed graph by using PRSG repeatedly to carry out processing.
Thus, when the setting up of key distribution system, the keeper of key distribution system is provided with λ position random number for the initial coordinate point (root) of each directed graph H in the key distribution server, for example, and as intermediate key.The initial coordinate point (root) of directed graph H is directed edge origin but the coordinate points that do not have directed edge to arrive.For example, directed graph H (1 → 64) initial coordinate point is the coordinate points [1,1] of the left end of horizontal axis among Fig. 4.
The method that generates the set key has more than been described.The key that above-mentioned set key generation method not only is used in the transmission end of content key generates in the server, and is used in the terminal unit of receiving terminal.
(distribution of intermediate key)
Describe hereinafter from of the distribution of key distribution server to the intermediate key of each user's terminal unit.As briefly mentioning before, must provide a plurality of intermediate key that can derive the set key corresponding to each user's terminal unit with all subclass of the terminal unit that comprises the user.Certainly, must avoid providing the intermediate key of the derivation that enables the set key corresponding, and the quantity of the intermediate key that is preferably provided is being minimum aspect the validity of memory span with the subclass of the terminal unit that does not comprise the user.
In view of the above, the distributor of intermediate key extracts subclass (being also referred to as " subclass under the user u " or " subclass that comprises user u " hereinafter) under the terminal unit with user u as all directed graph H of element.Then, if comprise user u in the subclass corresponding with the initial coordinate point (root) of directed graph H, then the distributor only provides the intermediate key corresponding with initial coordinate point to the terminal unit of user u.On the other hand, if user u belongs to the coordinate points corresponding random subset different with the initial coordinate point of directed graph H, then the distributor seeks such subclass S0, that is: in subclass S0, comprise user u, and in subset p arent (S0), do not comprise user u, and provide the intermediate key t (S0) of subclass S0 to the terminal unit of user u as the father of subclass S0.In other words, if it is different with initial coordinate point and be present among the directed graph H with the corresponding a plurality of coordinate points of the subclass that comprises user u, then the distributor extracts such coordinate points S0 from those coordinate points, that is: in the corresponding subset p arent (S0) of the afterbody of the directed edge of the coordinate points corresponding, do not comprise user u, and the intermediate key t (S0) of coordinate points (S0) is provided to the terminal unit of user u with arrival and subclass S0.If there are a plurality of such coordinate points S0, then provide the intermediate key t (S0) of each coordinate points.Determine the set membership of coordinate points by directed edge, and the coordinate points that is positioned at the directed edge afterbody is as the father of the coordinate points that is positioned at head, and the coordinate points of head that is positioned at directed edge is as the son of the coordinate points that is positioned at afterbody.Hereinafter, the coordinate points parent (S0) that will be positioned at the afterbody of the directed edge that arrives certain coordinate points S0 is called father's coordinate points.If certain coordinate points S0 is the starting point of directed graph H, then do not have father's coordinate points, and if it is not the starting point of directed graph H, then only have father's coordinate points.In a directed graph H, in some cases, can there be a plurality of such coordinate points, that is: in the subclass corresponding, comprise user u, and in the subclass corresponding, do not comprise user u with his father's coordinate points with it.
With reference to the example of Fig. 4, specifically describe the distribution method of intermediate key hereinafter.
(example 1) considers to be distributed to user 1 intermediate key.At first, have subclass under the user 1 as the result of the directed graph H of element, only find directed graph H (1 → 64) as search.User 1 belongs to the subclass [1,1] as the initial coordinate point of directed graph H (1 → 64).Thus, only provide intermediate key t ([1,1]) to user 1.
(example 2) considers to be distributed to user 3 intermediate key.At first, have subclass under the user 3 as the result of the directed graph H of element, find directed graph H (1 → 64), H (2 ← 64), H (2 ← 32), H (2 ← 16), H (2 ← 8), H (2 ← 4) and H (3 → 3) as search.Observe directed graph H (1 → 64), user 3 does not belong to the subclass [1,1] of initial coordinate point, and belong to be positioned at the 3rd and the subclass [1,3] of subsequent point, [1,4] ..., [1,64].Among these coordinate points, his father's coordinate points does not comprise that user 3 coordinate points only is [1,3] and [1,4].Specifically, in coordinate points [1,2], do not comprise user 3 as father's coordinate points parent ([1,3]) that comprises user 3 coordinate points [1,3] and [1,4] and parent ([1,4]).Therefore, provide t ([1,3]) and t ([1,4]) conduct and the corresponding intermediate key of directed graph H (1 → 64) to user 3.In an identical manner, for other directed graphs H (2 ← 64), H (2 ← 32), H (2 ← 16), H (2 ← 8), H (2 ← 4) and H (3 → 3) select corresponding intermediate key, and provide it to user 3.As a result, provide eight intermediate key altogether to user 3.
Sum up processing till the terminal unit that intermediate key is distributed to each user briefly with reference to Fig. 5.The flow chart of the handling process of intermediate key distribution in key distribution server when Fig. 5 shows and sets up in system.
As shown in Figure 5, the key distribution server of key distribution system at first is provided with parameter etc.For example, the key distribution server is determined number of users n, set key and the figure place λ of intermediate key, given parameter k, is passed through the pseudo random number generating algorithm of PRSG etc., and their are announced (publish) terminal unit (S102) to all users.Then, the key distribution server is divided into given subclass with user set, determines then and announces by the aggregation system Φ (with reference to above expression formula (1)) of union (union) expression (S104).Then, determine and announce the directed edge T (step S106) of directed graph H and each directed graph of formation H.Further, determine and the corresponding intermediate key (S108) of each subclass of forming aggregation system Φ.After this, to each user's the necessary intermediate key of terminal unit 122 distributions, so that each user can derive the set key (S110) corresponding with the subclass that comprises the user.
The distribution method of intermediate key has been described hereinbefore.If use above distribution method, then distribute in order to generate the set key, for the intermediate key of the required minimum number of the terminal unit of each permitted user, make it possible to reduce the traffic between key distribution server and the terminal unit thus, and can reduce the memory span that is used for intermediate key in each user's the terminal unit.
(distribution of content key)
The method of distributing encrypted content key mek by the key distribution server is described hereinafter.At first, the key distribution server comes encrypted content key mek by using the set key that only can be generated by the terminal unit 122 of permitted user.Specifically, the set R of the definite user's that will get rid of of key distribution server (be called hereinafter and get rid of the user) terminal unit, set R (being called " getting rid of user's set (R) " hereinafter) by from the set N of all users' terminal unit 1 to n, excluding the terminal unit of getting rid of the user then, determine permitted user terminal unit set N R (being called " set of permitted user (N R) " hereinafter).Then, the subclass Si by from the subclass of forming aggregation system Φ, selecting (i=1,2 ..., m) union represent set (N the R)=S1 ∪ S2 ∪ of permitted user ... ∪ Sm.Although there are a large amount of combinations of subclass Si, select to have the subclass Si of minimum value m.After selecting subclass Si by this way, the key distribution server comes encrypted content key mek by using the set key k (Si) corresponding with each subclass Si.Specifically, by set key k (S1), k (S2) ..., k (Sm) comes encrypted content key mek, and content key mek becomes m encrypted content key mek.Then, m encrypted content key mek is distributed to all users' terminal unit 1 to n.At this moment, the distribution of information that also will indicate the information of set N R of permitted user or m subclass Si of indication to all users' terminal unit 1 arrives n.
Sum up the handling process of the distribution of encrypted content key mek briefly with reference to Fig. 6.Fig. 6 shows the flow chart of the handling process of the distribution that is used for content key.
As shown in Figure 6, the key distribution server at first determine to be got rid of user's set R, and obtain permitted user set N R (S112).Then, from the subclass of forming aggregation system Φ so that the mode of m value minimum select to have union N R m subclass Si (i=1,2 ..., m) (S114).Then, by using corresponding with selected subclass Si respectively set key k (Si) to come encrypted content key mek (S116).Further, to all users' terminal unit 1 to the set N of n distribution indication permitted user information and m encrypted content key mek (S118) of R or each subclass Si.
Encryption method and the distribution method of content key mek have been described hereinbefore.If use above encryption method, be that the mode of required minimum value is selected subclass Si effectively then with the quantity of set key.Owing to come encrypted content key mek thus by the set key that uses minimum requirement, therefore can save and encrypt required amount of calculation, and can reduce the quantity of the encrypted content key mek that will distribute, reduce the traffic thus.
(deciphering of content key)
The decryption processing of encrypted content key in each user's the terminal unit is described hereinafter.Decryption processing is such processing: terminal unit based on receive from above-mentioned key distribution server, the indication set N R of permitted user or information and m ciphertext of m subclass Si, obtain content key mek.
Terminal unit from above-mentioned key distribution server receive encrypted content key and the indication permitted user set N R information or the expression m subclass Si information.Further, terminal unit is analyzed described information, and judges whether it belongs among m the subclass Si any one.If terminal unit does not belong in the subclass any one, then finish decryption processing, because it is a terminal unit of getting rid of the user.On the other hand, if terminal unit is found the subclass Si that it is affiliated, then it derives the set key k (Si) corresponding with subclass Si by using above-mentioned PRSG.The configuration of PRSG is such as previously described.
In this step, if the intermediate key t (Si) corresponding with above subclass Si is provided and it preserved in advance to terminal unit from the key distribution server in advance when setting up, then by deriving the set key k (Si) corresponding with above subclass Si to PRSG input intermediate key t (Si) in system.On the other hand, if terminal unit is not preserved relevant intermediate key t (Si), then terminal unit can be derived the set key k (Si) of expectation by the intermediate key of repeatedly being preserved to the PRSG input.Further, terminal unit is by using the encrypted content key mek of set key k (Si) deciphering that derives by this way.
Specifically describe the derivation of above-mentioned set key k (Si) in the terminal unit with reference to the example of Fig. 4.In user 3 terminal unit, suppose to select " 1,8 " as the subclass under it.As mentioned above, user 3 terminal unit is preserved the intermediate key of subclass [1,4].With reference to the directed graph H (1 → 64) of Fig. 4, the directed edge that extends to coordinate points [1,8] from coordinate points [1,4] is set, and this directed edge has the 3rd shortest length (skip distance) be positioned at the directed edge of coordinate points [1,4] at its afterbody among.Thus, among the output when being used for the intermediate key t ([1,4]) of subclass [1,4] to PRSG input, be the intermediate key t ([1,8]) that is used for subclass [1,8] from the 3rd λ bit position at top.Terminal unit extracts intermediate key t ([1,8]) from the output of PRSG, and it is input to PRSG once more, and extracts final λ bit position, obtains the set key k ([1,8]) of expectation thus.
Similarly, in user 1 terminal unit, suppose to select [1,8] as the subclass under it.User 1 terminal unit is preserved the intermediate key of subclass [1,1].In this case, terminal unit 122 is by being used for [1 from importing to PRSG, 1] intermediate key t ([1,1] extracts from the top the one λ bit position in the output in the time of) (with intermediate key t ([1,2]) correspondence), then from importing intermediate key t ([1 to PRSG, 2] extract from the top the 2nd λ bit position in the output in the time of) (with intermediate key t ([1,4]) correspondence), further from importing intermediate key t ([1 to PRSG, 4] extract from the top the 3rd λ bit position (with intermediate key t ([1,8]) correspondence) in the output in the time of), and finally from importing intermediate key t ([1 to PRSG, 8] extract decline in the output in the time of) (with set key k ([1,8]) correspondence), can obtain the set key k ([1,8]) of expectation.
Sum up the handling process that is used at each user's the encrypted content key mek of terminal unit deciphering with reference to Fig. 7.Fig. 7 shows the flow chart of the handling process of the deciphering that is used for content key in each user's terminal unit.
As shown in Figure 7, each user's terminal unit at first from the key distribution server receive the information of set N R of m encrypted content key mek and indication permitted user or m subclass Si of indication (i=1,2 ..., information m) (S120).Then, terminal unit is based on the subclass Si (S122) of described information search under it, and judges whether it belongs to any one (step S124) among m the subclass Si.
As a result, if terminal unit is found the subclass Si that it is affiliated, then it derives the set key k (Si) corresponding with subclass Si (S126) by using above PRSG.The configuration of PRSG as described above.If the intermediate key t (Si) corresponding with subclass Si is provided and it is preserved in advance to terminal unit by the key distribution server when setting up, then it can derive set key k (Si) by using PRSG once.On the other hand, if terminal unit is not preserved relevant intermediate key t (Si), then it can derive the set key k (Si) of expectation by repeatedly using PRSG.After this, terminal unit is by using set key k (Si) the deciphering encrypted content key mek (S128) that derives by this way.
On the other hand, if terminal unit judges that at step S124 it does not belong among the subclass Si any one, then terminal unit show and output from the terminal unit that allows accessed content with its eliminating (that is, it is to get rid of the user) (S130), and finish the decryption processing of content key.
The decryption method of content key in terminal unit has been described hereinbefore.Be used to generate intermediate key and the PRSG that gathers key by utilization, based on the information and executing above decrypt scheme relevant with directed graph H.Thus, information and the PRSG relevant with directed graph also is essential in each user's terminal unit.Yet, use the method for PRSG to make it possible to minimize the quantity of the intermediate key that will preserve by each user's terminal unit.
Encryption key distribution scheme according to the basic fundamental of described embodiment has been described hereinbefore.By utilizing basic scheme, the quantity of the intermediate key that be preserved by each user's terminal unit is O (k*log (n)), and generates the required amount of calculation (number of operations of PRSG) of set key and be no more than (2k-1) * (n
1/k-1).Yet there are the following problems according to the encryption key distribution scheme of basic fundamental (as be described below shown in Figure 13): the quantity of the intermediate key that be preserved by each user's terminal unit is still very big.
Further, the decisive factor of the required amount of calculation of terminal unit depends on the number of times of carrying out PRSG for the intermediate key that derives expectation when the encrypted content key mek of deciphering.The poorest value is by the expression of the quantity (that is the quantity of jump) from initial coordinate point (root) to farthest final coordinate points (leaf that does not have directed edge to be derived from) directed edge among the directed graph H.In the example depicted in fig. 4,, must pass 11 directed edges (carrying out ten once jumps), this means and carry out PRSG ten once for the initial coordinate point [1,1] from directed graph H (1 → 64) reaches final coordinate points [1,64].Thus, exist the execution number of times of another problem: PRSG too many, and it is very big to be used to derive the amount of calculation of intermediate key thus according to the encryption key distribution scheme of basic fundamental.
The present inventor has carried out the broad research that overcomes the above problems, and has developed the encryption key distribution scheme (as described in hereinafter) according to the first embodiment of the present invention.Rebuild directed graph according to the encryption key distribution scheme of present embodiment by replaced a directed edge forming directed graph with shorter directed edge, realized the minimizing of the quantity of the intermediate key that will preserve by terminal unit 122 thus.Hereinafter, detailed description will be carried out the functional configuration according to the key distribution server 102 and the terminal unit 122 of the encryption key distribution scheme of present embodiment, and the feature and advantage of encryption key distribution scheme.
[configuration of key distribution server 102]
With reference to Fig. 8, be described in more detail below configuration according to the key distribution server 102 of present embodiment.Fig. 8 shows the block diagram according to the configuration of the key distribution server 102 of present embodiment and terminal unit 122.
As shown in Figure 8, key distribution server 102 is provided with part 104, reference axis by tree structure and part 106, interim directed graph generating portion 108, directed graph generating portion 110, initial intermediate key are set part 112, key generating portion 114, encryption section 116, translator unit 118 and subclass determining section 120 are set form.Especially, tree structure being provided with part 104, reference axis is provided with part 106, interim directed graph generating portion 108 and directed graph generating portion 110 and is referred to as the key formation logic and makes up piece.Similarly, initial intermediate key is provided with part 112 and key generating portion 114 and is referred to as key generation piece.
Describe hereinafter and form the element that the key formation logic makes up piece.The key formation logic make up piece carry out with above-mentioned [basic fundamental description] in (setting of tree structure) and (oriented map generalization) corresponding processing.
(tree structure is provided with part 104)
Tree structure is provided with the binary tree that part 104 configuration is made up of n the leaf node that has distributed numbering 1 to n (n is a natural number) to it, root node and a plurality of intermediate node except root node and leaf node, and among a plurality of leaf nodes of the lower floor that is positioned at certain intermediate node v or root node v, the numbering that is positioned at the leaf node of left end is set to 1v, and the numbering that is positioned at the leaf node of right-hand member is set to rv.Further, tree structure be provided with part 104 will gather (1 → n) and the set (2 ← n) distribute to root node, if and certain intermediate node v is positioned at the left side of its father node, to gather then that (1v+1 ← rv) distributes to intermediate node, if intermediate node v is positioned at the right side of its father node, will gather then that (1v → rv-1) distributes to intermediate node.
As mentioned above, tree structure is provided with part 104 and has the configuration of situation that can construct m layer tree structure and hypothesis m=2 (binary tree), for example, can construct and the identical tree structure of binary tree structure (Fig. 3) according to basic scheme.Thus, by tree structure be provided with part 104 structure tree structure each node meaning with according to before the meaning of each node of binary tree structure of described basic scheme structure substantially the same.Although for the purpose of the convenience of describing, binary tree structure is only described hereinafter, it is not limited thereto.
(reference axis is provided with part 106)
Reference axis is provided with part 106 first horizontal axis corresponding with root node is set, on it with gather that (the relevant coordinate points of each subclass that comprises in 1 → n) becomes big mode from left to right with degree of comprising and arranges on described horizontal axis.Then, reference axis is provided with part 106 second horizontal axis corresponding with root node is set, on it with gather that (the relevant coordinate points of each subclass that comprises in 2 ← n) becomes big mode from right to left with degree of comprising and arranges on described horizontal axis.Then, for each intermediate node, reference axis is provided with part 106 three horizontal axis corresponding with certain intermediate node v is set, (the relevant coordinate points of each subclass that comprises among the 1v → rv-1) becomes big mode from left to right with degree of comprising and arranges on described horizontal axis with set on it, and four horizontal axis corresponding with certain intermediate node v is set, and (the relevant coordinate points of each subclass that comprises among the 1v+1 ← rv) becomes big mode from right to left with degree of comprising and arranges on described horizontal axis with set on it.Further, reference axis be provided with part 106 an interim coordinate points is held in place first to the 4th horizontal axis left end coordinate points the left side and be positioned at the right side of coordinate points of the right-hand member of second to the 4th horizontal axis, and the coordinate points that is positioned at the right-hand member of first horizontal axis is set to interim coordinate points.
As mentioned above, reference axis is provided with the reference axis that part 106 is provided for making up the directed graph corresponding with each node of the tree structure that part 104 configurations are set by tree structure.First horizontal axis is represented and set (1 → n) reference axis, second horizontal axis is represented and set (2 ← n) corresponding reference axis, the 3rd horizontal axis is represented and the set (reference axis of 1v → rv-1), and the 4th horizontal axis is represented and gather (the reference axis that 1v+1 ← rv) is corresponding.Owing to for each intermediate node v the 3rd horizontal axis and the 4th horizontal axis are set, therefore a plurality of reference axis are set respectively.Specifically, three horizontal axis identical with the quantity of intermediate node and the quantity of the 4th horizontal axis are set.
(interim directed graph generating portion 108)
Interim directed graph generating portion 108 is provided with given integer k, and calculates and satisfy n
(x-1)/k<(rv-1v+1)≤n
X/kNatural number x.Then, to x-1, interim directed graph generating portion 108 has length n by connecting (couple) for each integer i=0
I/kOne or more dextrad directed edge, form its starting point be positioned at first and three axes on the directed walk of coordinate points of the leftmost side, and further have length n by connection
I/kOne or more left-hand directed edge, form its starting point be positioned at second and the 4-coordinate axle on the directed walk of coordinate points of the rightmost side.Then, interim directed graph generating portion 108 is got rid of all directed edges that its afterbody or head are positioned at each interim coordinate points in first to the 4th horizontal axis each.Further, the directed edge of interim directed graph generating portion 108 each coordinate points on arriving first to the 4th horizontal axis, the directed edge of eliminating except the longest directed edge, generate thus respectively with set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the relevant interim directed graph I ' of 1v → rv-1) (1 → n-1), I ' (2 ← n), I ' (1v+1 ← rv) and I ' (1v → rv-1).After this, interim directed graph generating portion 108 with the directed edge (its head is the coordinate points that is positioned at the right-hand member of first horizontal axis) with length 1 add to set (1 → n-1) relevant interim directed graph I ' (and 1 → n-1), generate thus and gather (1 → n) relevant interim directed graph I ' (1 → n).
As mentioned above, interim directed graph generating portion 108 generates the preliminary treatment of interim directed graph I ' as the directed graph I that generates expectation.Interim directed graph I ' is corresponding with directed graph H in the basic scheme.
(directed graph generating portion 110)
Directed graph generating portion 110 determines to have the longest directed walk of the directed edge of the maximum quantity that forms directed walk among the directed walk that is formed by continuous directed edge.Determine that the processing of long directed walk can be assigned to carry out by the longest directed walk determination portion, the longest for example described directed walk determining section can be included in the directed graph generating portion 110.Further, directed graph generating portion 110 is no more than the mode of the quantity of the directed edge of long directed walk with the quantity of the directed edge of each directed walk, replaces the directed edge that forms each directed walk with shorter directed edge, generates directed graph thus.
As mentioned above, directed graph generating portion 110 is replaced the directed edge of forming interim directed graph I ' with shorter directed edge, makes up interim directed graph I ' thus and generates the directed graph I that expects.Be described in more detail below relevant technical conceive and the handling process of reconstruction with the interim directed graph I ' that carries out by directed graph generating portion 110.
At first, with reference to Fig. 9 the basic conception relevant with the processing of directed graph generating portion 110 is described.Fig. 9 is the key diagram that schematically shows the processing of directed graph generating portion 110.
With reference to Fig. 9, two directed graph Q ' (A → G) and Q (A → G) (it is created for illustrative purposes) have been drawn.Directed graph Q ' (A → G) corresponding, and directed graph Q (A → G) corresponding with present embodiment with basic scheme.Further, except each directed graph, also drawn multi-drop line, and mark A any one in the G distributed to each bar vertical line.Mark A represents user's terminal unit respectively to G.In the above description of basic scheme, provide explanation by mark 1 to n is distributed to the user, and they are corresponding with it.Therefore, from the left side with subclass [A, A], [A, B] ..., [A, G] distribute to the coordinate points of each reference axis.Further, under each coordinate points, the quantity of the intermediate key that description will be preserved by the user corresponding with each bar vertical line.
Directed graph Q ' (A → G) is at first briefly described in the review of the item of mentioning in the description as basic scheme.Directed graph Q ' (A → G) by four directed edge (A with length 1
B, B
C, D
E, F
G), a directed edge (B who has a directed edge (BD) of length 2 and have length 4
F) form.Consideration is from coordinate points [A, A] to the directed walk P ([A, A], [A, G]) of coordinate points [A, G], and directed walk P ([A, A], [A, G]) is by by the directed edge (A with length 1
B), the directed edge (B that has length 4
F) and directed edge (F with length 1
G) the directed edge chain of Zu Chenging is represented.
Therefore, has the user A (1) of intermediate key t ([A, A]) by import intermediate key t ([A to PRSG, A]) can derive intermediate key t ([A, B]), (2) are by deriving intermediate key t ([A to PRSG input intermediate key t ([A, B]), C]), t ([A, D]) and t ([A, F]), and (3) are by importing intermediate key t ([A to PRSG, F]) can derive intermediate key t ([A, G]).Thus, for user A, must carry out PRSG and the identical number of times of quantity that is formed with to the directed edge of path P ([A, A], [A, G]), so that the intermediate key t ([A, G]) of the terminal point correspondence of derivation and directed walk P ([A, A], [A, G]).This is a number of times of determining user's amount of calculation.(under the situation of A → G), because directed walk P ([A, A], [A, G]) and directed walk P ([A, A], [A, E]) have the directed edge of minimum number, so the length of those directed walks is corresponding with the worst-case value of user's amount of calculation at directed graph Q '.
On the other hand, each user should be able to generate with the user under all corresponding intermediate key of subclass.Owing to this reason, the intermediate key that be preserved in advance by the user should be such: by reuse a plurality of intermediate key that PRSG generates comprise with its under the corresponding whole intermediate key of subclass.Further, should select will be by the intermediate key of each user's preservation, so that minimize its quantity.Thus, the user passes through with reference to directed graph, from with the user under the corresponding coordinate points of subclass select coordinate points so that the subclass corresponding with the afterbody of the directed edge that arrives described coordinate points do not comprise described user, and the preservation intermediate key corresponding with described coordinate points.
For example, (A → G) considering will be by the intermediate key of user C preservation by reference directed graph Q '.Subclass under the user C be [A, C], [A, D] ..., [A, G].(A → G), the afterbody that reaches the directed edge of subclass [A, C], [A, D], [A, F] all is coordinate points [A, B], and it does not comprise user C to be primarily focused on directed graph Q '.Thus, user C need preserve intermediate key t ([A, C]), t ([A, D]) and t ([A, F]).In fact, the quantity of the intermediate key that be preserved by each user is by the vertical line corresponding with each user and the quantitaes in the crosspoint between the directed graph.For example, because the quantity in crosspoint is 2, so user D need preserve two intermediate key.By above method, under each directed graph, calculate and describe the quantity of the intermediate key that will preserve by each user.
More than the meaning of directed graph has only briefly been described in explanation.Based on above explanation, the basic conception of present embodiment is described hereinafter.Such as already mentioned, present embodiment is intended to reduce the quantity of key and does not increase amount of calculation.Consider this situation, describe the method for being taked hereinafter in order to the minimizing number of keys.
Now again with reference to Fig. 9.(then there is the user C with maximum three keys in the cipher key distribution scheme of A → G) based on directed graph Q ' if adopt.Further, the quantity of the key that be preserved by all users is 11.Then, (A → G) changes to Q (A → G) with directed graph Q '.Specifically, replace the directed edge E ([A, B], [A, F]) that extends to [A, F] from coordinate points [A, B] with the directed edge E ([A, D], [A, F]) that extends to [A, F] from coordinate points [A, D].If carried out such change, then the maximum of the number of keys that will be preserved by each user is 2, and it is corresponding with user C and user E.Further, the quantity of the key that be preserved by all users is 9.Thus, before changing and afterwards the quantity of key reduces.Yet, in the example of this change, do not consider amount of calculation.Therefore, (A → G) comprises four directed edges to directed graph Q in from coordinate points [A, A] to [A, G] directed walk P ([A, A], [A, G]), and (worst-case value that A → G) compares amount of calculation slightly increases with directed graph Q '.
In view of the above, present embodiment provides under the condition that the directed graph at the worst-case value that does not cause exceeding amount of calculation changes, and can reduce the configuration of the directed graph generating portion 110 of number of keys based on basic conception shown in Figure 9.To Figure 14, specifically describe the method that generates directed graph I by directed graph generating portion 110 with reference to Figure 10 hereinafter.
At first, the summary by the oriented drawing generating method of directed graph generating portion 110 is described briefly with reference to Figure 10.Figure 10 shows the flow chart of the example of the handling process that generates directed graph.
At first, directed graph generating portion 110 is used the interim directed graph I ' that is generated by interim directed graph generating portion 108, so that generate the directed graph I of expectation.As described above, interim directed graph I ' be with generate by the identical mode of the directed graph H of basic scheme.The generation of carrying out the interim directed graph I ' by interim directed graph generating portion 108 is as first step (S140).
Then, directed graph generating portion 110 is extracted the longest directed walk LP (Longest Path, longest path) (S142) from the directed walk of the interim directed graph I ' that forms all generations.For example, can assign to carry out the step of extracting directed walk LP by the longest directed walk generating unit that is included in the directed graph generating portion 110.Further, never comprise in each of interim directed graph I ' of all generations of the longest directed walk LP and extract the longest directed walk PLP (Partially Longest Path, part longest path) (S144).Thus, from interim directed graph I ', extract directed walk PLP.After this, from the directed edge of forming interim directed graph I ', select given directed edge, and with shorter directed edge replace it (S146).At this moment, directed graph generating portion 110 is carried out the replacement of directed edge based on the length of directed walk LP that extracts and directed walk PLP under the above-mentioned condition of the worst-case value that does not increase amount of calculation.Further, for example, can replace part by the directed edge that comprises in the directed graph generating portion 110 and carry out above-mentioned directed edge replacement step.
The summary that the directed graph that is undertaken by directed graph generating portion 110 generates step has been described hereinbefore.As mentioned above, directed graph generating portion 110 is extracted directed walk LP and directed walk PLP from the interim directed graph I ' that is generated by interim directed graph generating portion 108, select and replace given directed edge based on the length of those directed walks then, generate the directed graph of expectation thus.Provide hereinafter and the corresponding more detailed description of above-mentioned each step.
At first, the generation step of interim directed graph I ' is described with reference to Figure 11.Note, only describe directed graph I ' corresponding with intermediate node v among the interim directed graph I ' (1v → rv-1) hereinafter.At first, interim directed graph generating portion 108 is provided with given integer k, definition Lv=rv-1v+1, and calculate and satisfy n
(x-1)/k<Lv≤n
X/kInteger x (S150).Interim directed graph generating portion 108 changes to the operation of x-1 below carrying out by counting i from 0.Starting point from the left end of horizontal axis repeats to extend to away from described coordinate points n
I/kThe setting of dextrad directed edge of coordinate points (jump to away from described coordinate points n
I/kCoordinate points), till the head of directed edge is up to the standard the head overstep of end point of the terminal point of right-hand member of reference axis or the next directed edge that will be provided with (S152).Then, interim directed graph generating portion 108 its afterbodys of elimination or head are positioned at all directed edges (S154) of interim coordinate points.Further, interim directed graph generating portion 108 is eliminated the directed edge (S156) except the longest directed edge among the directed edge that reaches each coordinate points on the reference axis.
Then, the step of extracting the longest directed walk LP (S160) is described hereinafter with reference to Figure 12.Before describing the longest directed walk LP, it is as follows to define two expression formulas.
-DDT: the length of the longest directed walk LP of expression.
-J (a, b): expression be present in certain directed walk have length b, quantity is the continuous directed edge of a.
(for example, adopt directed graph Q ' shown in Figure 9 (A → G) as example, because directed walk P ([A, A], [A, G])) form by a directed edge with length 1, a directed edge having a directed edge of length 4 and have length 1, therefore it is expressed as J (1,1), J (1,4), J (1,1)).
Directed graph generating portion 110 can for each bar directed walk of forming interim directed graph I ' calculate J (a, b).For example, consider that (1 → n) coordinate points [1,1] extends to the directed walk P ([1,1], [1, n]) of [1, n], and directed walk P ([1,1], [1, n]) is expressed as J (n from interim directed graph I '
1/k-1,1), J (n
1/k-1, n
1/k) ..., J (n
1/k-1, n
(k-2)/k), J (n
1/k-2, n
(k-1)/k), J (n
1/k-1, n
(k-2)/k) ..., J (n
1/k-1, n
1/k), J (n
1/k, 1).Under the situation of the interim directed graph I ' that is generated by above-mentioned interim directed graph generating portion 108, the longest directed walk LP forms interim directed graph I ' (1 → n) directed walk P ([1,1], [1, n]).Directed graph generating portion 110 can be extracted the longest directed walk LP or extract uniquely and form interim directed graph I ' (1 → n) directed walk P ([1,1], [1, n]), and in some cases, directed graph generating portion 110 can be calculated the length of all directed walks of forming interim directed graph I ', and selects the longest directed walk LP among them.At this moment, the length DDT with the longest directed walk LP is expressed as DDT=(2k-1) * (n
1/k-1).After this, directed graph generating portion 110 is provided with expression effective activation tagging (active mark) to all directed edges that form the longest directed walk LP.
Then, with reference to Figure 13, the step of the longest directed walk PLP (except comprising the figure of the longest directed walk LP) of calculating each the interim directed graph I ' corresponding with root node and each intermediate node is described.Figure 13 shows the flow chart of the calculation procedure of directed walk PLP.
Before the description of the longest directed walk PLP of step extract to(for) each directed graph, be defined as follows two expression formulas.
-CP (Current Path): the directed walk of being considered (being referred to as current path)
-#JP (CP): the quantity of the directed edge that in directed walk, comprises.
Directed graph generating portion 110 is extracted directed walk PLP based on following algorithm.
(step 1) directed graph generating portion 110 is determined from the current path CP of the origin-to-destination of directed graph I '.If the directed graph of being considered is directed graph I ' (a → b), then directed walk P ([a, a], [a, b]) is set to current path CP, and if directed graph I ' is (a ← b), then directed walk P ([b, b], [a, b]) is set to current path CP (S162).
(step 2) directed graph generating portion 110 is extracted the longest directed edge among the directed edge that forms current path CP, and its length is set to J (S164).
(step 3) directed graph generating portion 110 judges whether J≤1 sets up (S166), and if J≤1, then current path CP is defined as directed walk PLP, and activation tagging (S176) is set to all directed edges that form directed walk PLP.
If (step 4) J〉1, then directed graph generating portion 110 is judged #JP (CP)+n
1/kWhether-1≤DDT sets up (S168), and if #JP (CP)+n
1/k-1≤DDT is false, and then current path CP is defined as directed walk PLP, and to all directed edges that form directed walk PLP activation tagging (S176) is set.
If (step 5) #JP (CP)+n
1/k-1≤DDT, then directed graph generating portion 110 is calculated and is satisfied J=n
J/kNatural number j (S170).
(step 6) directed graph generating portion 110 is extracted the starting point directed edge (S172) farthest apart from current path CP among the length with formation current path CP is the directed edge of J.
(step 7) directed graph generating portion 110 be right after from (afterbody of the directed edge that extracts the step 6) extend, have a length n
(j-1)/kQuantity be n
1/k-1Directed edge after, add and to have length n
(j-1)/kA directed edge, and remove at (the directed edge that extracts in the step 6) (S174).After this, proceed to that (step 1) also repeats above step.
If carry out the further replacement of directed edge, then when when the directed walk of the origin-to-destination of directed graph I ' is made up of the directed edge that all has length 1, perhaps when the quantity of the directed edge that forms directed walk surpasses DDT, (step 1) is to (the loop ends of the processing that occurs in the step 6) above-mentioned.By above processing, can be for the longest directed walk PLP of each directed graph setting.
With reference to Figure 14, the step of replacing given directed edge is described hereinafter then.In this step, be no more than under the condition of DDT in the quantity of the directed edge that forms directed walk, make up in order to replace the algorithm of the processing of given directed edge with shorter directed edge for each directed graph.
Directed graph generating portion 110 is replaced directed edge based on following algorithm.
(step 1) directed graph generating portion 110 is extracted and is set to activate, does not also have processed (do not have to be provided with and finish) and the longest directed edge among the directed edge of forming directed graph I '.Further, the length of the directed edge that extracted of directed graph generating portion 110 is set to J '.If have many directed edges, then the starting point of directed graph generating portion 110 chosen distance directed graph I ' directed edge (S180) farthest with length J '.Selected directed edge is called WJ (Working Jump, work is jumped), the starting point of directed edge WJ is called WJS, and terminal point is called WJE.Further, will form the quantitaes of directed edge that arrives the directed walk of WJS from the starting point of directed graph I ' is D.
(step 2) directed graph generating portion 110 judges whether the length J ' of directed edge WJ is J '≤1 (S182), if J '≤1, the then directed graph of only being made up of the directed edge that is set to the activate directed graph I (S202) that is set to expect.If J '〉1, then proceed to (step 3).
(if the length J ' of step 3) directed edge WJ is J '〉1, then directed graph generating portion 110 is set to current path CP (S184) from the directed walk that WJS arrives (WJE-1).(WJE-1) be the coordinate points that was right after before WJE.
(step 4) directed graph generating portion 110 is extracted the longest directed edge among the directed edge that forms current path CP, and its length is set to J (S186).
(step 5) directed graph generating portion 110 judges whether the length J of the directed edge that is extracted is J≤1 (S188), if and J≤1, then activation (S198) is set and finishes (done) (S200) to directed edge WJ setting to all directed edges that form current path CP.After this, once more from the (processing of step 1).If J〉1, then proceed to (step 6).
If (step 6) J〉1, then directed graph generating portion 110 is judged #JP (CP)+n
1/kWhether-1≤DDT-D sets up (S190), and if #JP (CP)+n
1/k-1〉DDT-D then is provided with activation (S198) to all directed edges that form current path CP, and finishes (S200) to directed edge WJ setting.After this, begin once more from the (processing of step 1).If #JP (CP)+n
1/k-1≤DDT-D then proceeds to (step 7).
If (step 7) #JP (CP)+n
1/k-1≤DDT-D, then directed graph generating portion 110 is calculated and is satisfied J=n
J/kNatural number j (S192).
(step 8) directed graph generating portion 110 is extracted the starting point directed edge (S194) farthest apart from current path CP among the directed edge with length J that forms current path CP.
(step 9) directed graph generating portion 110 be right after from (afterbody of the directed edge that extracts the step 8) extend, have a length n
(j-1)/kQuantity be n
1/k-1Directed edge after, add and to have length n
(j-1)/kA directed edge, and remove at (the directed edge that extracts in the step 8) (S196).After this, proceed to that (step 3) also repeats above step.
If carry out the further replacement of directed edge, then when the directed walk from WJS to WJE-1 is made up of the directed edge that all has length 1, perhaps when the quantity of the directed edge that forms the directed walk from WJS to WJE-1 surpasses DDT, (step 3) is to (the loop ends of the processing that occurs in the step 9) above-mentioned.On the other hand, when any directed edge setting of forming directed graph I ' not being finished, and do not exist when having length 2 or longer directed edge, (step 1) is to (step 5) or the (loop ends of the processing that occurs in the step 6) above-mentioned.By above processing, can generate the directed graph I of expectation.
At last, show by using the example of the directed graph I that above-mentioned oriented drawing generating method generates.Figure 15 shows and based on having the count complete binary tree (as shown in Figure 3) of n=64 of leaf segment directed graph I under the situation of parameter k=6 is being set.
At first, directed graph H (Fig. 4) that will generate based on basic scheme and the directed graph I (Figure 15) according to present embodiment compare, and following 2 is conspicuous.(1) compare with directed graph H, in directed graph I, the quantity with length 2 or longer directed edge reduces, and the quantity of the directed edge that extends from a coordinate points reduces.(2) any directed walk of forming directed graph I is no more than the length of the longest directed walk LP (P[1,1], [1,64]) of directed graph H.Thus, confirmed to have generated the directed graph I of the quantity that can under the situation that does not increase the worst-case value that generates the required amount of calculation of set key, reduce the intermediate key that to preserve by the user.
Similarly, compare about the situation that parameter k=3 is set.In the cipher key distribution scheme based on basic scheme, the quantity that be distributed to each user's intermediate key is O (k*log (n)), and along with parameter k reduces, and the quantity of the key that be preserved by each user also reduces.Yet there are the following problems: the increase that reduces to have caused amount of calculation of parameter k.Consider this problem, the Research on effect when working as parameter k particularly and reducing.Figure 16 shows the directed graph H that generates based on basic scheme, and Figure 17 shows the directed graph I according to present embodiment.
Will be by the directed graph H (Fig. 4: k=6 that uses identical basic scheme to generate, Figure 16: k=3) compare, in having the directed graph H of k=3, the quantity with length 2 or longer directed edge reduces, and the quantity of the directed edge that extends from a coordinate points reduces.Yet under the situation of k=3, the quantity of the directed edge of the longest directed walk LP ([1,1], [1,64]) of formation directed graph H is 15, its quantity greater than the directed edge under the situation of k=6 (quantity of directed edge=11).Then, to compare according to the directed graph H (Figure 16) of basic scheme and directed graph I (Figure 17) about the same case of k=3 according to present embodiment, although forming the quantity of the directed edge of the longest directed walk LP is 15 (they are identical), the quantity that has length 2 or longer directed edge among the directed graph I still less.Confirm thus, no matter how parameter k can obtain the effect of present embodiment.
In order to understand the effect that reduces number of keys according to present embodiment more quantitatively, the comparative result between basic scheme (being represented by existing scheme) and present embodiment has been shown in the form in Figure 18.With reference to Figure 18, under the situation of k=6, all users are reduced the number of keys that to preserve.Certainly, this is identical for the key sum with key average.Further, the scheme (k=6) of basic scheme (k=3) and present embodiment is compared, the number of keys that be preserved by each user much at one.Relatively show by using the effect that present embodiment can reduce amount of calculation and keep number of keys much at one simultaneously.Although owing to have only the above result of acquisition in the so little realization of n=64 at number of users n, therefore as if the absolute value of the number of keys that will reduce is little, but because the magnitude of number of users differs greatly, therefore the effect that reduces in realizing environment is very tangible.
Having described hereinbefore can be under the situation that not increase the worst-case value that generates the required amount of calculation of set key, the formation logic of the directed graph of the quantity of the intermediate key that minimizing will be preserved by the user.The structure of above-mentioned key formation logic (directed graph) mainly makes up piece by the key formation logic of forming key distribution server 102 and carries out.Yet in order to carry out encryption key distribution based on above key formation logic, other elements are essential.Thus, with reference to Fig. 8 other elements are described hereinafter again.
Again with reference to Fig. 8, except above-mentioned key formation logic made up piece, key distribution server 102 comprised that also initial intermediate key is provided with part 112, key generating portion 114, encryption section 116, translator unit 118 and subclass determining section 120.
(initial intermediate key is provided with part 112)
Initial intermediate key be provided with part 112 for each corresponding directed graph I of each intermediate node of tree, generate the intermediate key corresponding with the initial coordinate point of directed graph I.For example, initial intermediate key is provided with part 112 and can uses pseudorandom number generator to generate random number, and random number is set to each intermediate key corresponding with above initial coordinate point (root), perhaps can be set to each intermediate key by given numerical value.
(key generating portion 114)
For certain directed edge of forming directed graph I, when given intermediate key by the coordinate points of the afterbody of directed edge indication is distributed in input, the set key that 114 outputs of key generating portion are corresponding with the coordinate points of being represented by the afterbody of directed edge and with the corresponding intermediate key of head from all directed edges of the afterbody extension of directed edge.Thus, key generating portion 114 is corresponding with the PRSG of basic scheme.Yet key generating portion 114 is with the different of PRSG of basic scheme: it is based on the directed graph I output intermediate key that is generated by directed graph generating portion 110.If key generating portion 114 is expressed as identical with PRSG, then when the input intermediate key t (S0) corresponding with certain coordinate points S0 of directed graph I, output and its afterbody be positioned at the head of directed edge of described coordinate points corresponding intermediate key t (S1), t (S2) ..., t (Sm) (S0 is corresponding with subclass) and gather key k (S0).Notice that m represents that its afterbody is positioned at the quantity of the directed edge of certain coordinate points S0.
(translator unit 118)
Translator unit 118 will be sent to all users corresponding with leaf node by the content key (will be described later) that encryption section 116 is encrypted.Translator unit 118 is by distributing intermediate key with reference to above-mentioned directed graph I to each user.At this moment, translator unit 118 can with each user can derive with its under the mode of corresponding all intermediate key of subclass distribute the intermediate key of minimum requirement.Specifically, translator unit 118 can extract the affiliated subclass of distribution destination user of intermediate key from form the aggregation system Φ subclass of (with reference to above expression formula (1)), from the coordinate points of the directed graph I corresponding, select a coordinate points with the subclass of being extracted, so that in the subclass corresponding, do not comprise distribution destination user, and only the intermediate key corresponding with selected coordinate points is distributed to distribution destination user with the afterbody of the directed edge that reaches described coordinate points.Yet if the subclass under the distribution destination user of intermediate key is corresponding with the initial coordinate point of directed graph I, translator unit 118 can only be distributed to the intermediate key corresponding with initial coordinate point distribution destination user.Further, translator unit 118 can be as the directed graph distribution of information part of distributing the information of directed graph I to each user.Specifically, when each intermediate key of input, translator unit 118 can be distributed the relevant information of key schedule (as the key generator) with the PRSG that exports given intermediate key and set key based on directed graph I.
Be different from the communication channel of the channel that is used for content distribution by use, can before the distribution of content, carry out the distribution of intermediate key.For example, when in the manufacturing works of terminal unit, making terminal, can be from the intermediate key of key distribution server 102 each terminal of output, and it is recorded on the recording medium, and the intermediate key of each terminal unit of reading from recording medium can be stored in the corresponding terminal unit.
(encryption section 116)
(subclass determining section 120)
The perhaps eliminating user's of the deciphering of content key set (R) in subclass determining section 120 is determined forbid it, and by using the union of the given subclass of from the subclass corresponding, selecting with the coordinate points of directed graph I, from all users' set (N), eliminate the set (R) of getting rid of the user, define the set (N R) of permitted user, determine to form one group of subclass of the set (N R) of permitted user then in the mode of the subclass quantity minimum of the set (N R) of forming permitted user.Subclass determining section 120 can be by forming as the lower part: permitted user set determining section is used for determining the set (N R) of permitted user; And permitted user subclass determining section, be used for determine forming one group of subclass of the set (N R) of permitted user.
In the above described manner by subclass determining section 120 determine to form the set of permitted user subclass (S1, S2 ..., Sm) afterwards, translator unit 118 to each user distribute the set (N R) of permitted user or the set of composition permitted user (N R) subclass (S1, S2 ..., Sm).Further, encryption section 116 use with the subclass of determining by subclass determining section 120 (S1, S2 ..., Sm) corresponding set key, come encrypted content or content key, and translator unit 118 with in encrypted perhaps content key be distributed to each user.
The configuration of key distribution server 102 has according to a preferred embodiment of the invention been described hereinbefore.As mentioned above, the feature of present embodiment mainly is the configuration that the key formation logic makes up piece.Especially, present embodiment has the feature aspect the configuration of the directed graph generating portion 110 that is used to generate the directed graph of determining the key formation logic.Can generate according to the directed graph generating portion 110 of present embodiment can be under not increasing for each user in order to the situation that generates the required amount of calculation of set key, the quantity of the intermediate key that minimizing will be preserved by each user.As a result, the terminal unit that can save each user is in order to preserving the required memory span of intermediate key, and can reduce the distribution cost to each user's terminal unit distribution intermediate key.
[configuration of terminal unit 122]
With reference to Fig. 8, the configuration according to the terminal unit 122 of present embodiment is described hereinafter.
With reference to Fig. 8, terminal unit 122 comprises receiving unit 124, judges part 126, key generating portion 128 and decryption portion 130.
(receiving unit 124)
Receiving unit 124 receives the information of translator unit 118 transmission that comprise from key distribution server 102.For example, receiving unit 124 receives the content of being distributed, encrypted content key, given intermediate key, the information relevant with directed graph I, the information of being correlated with permitted user etc. from key distribution server 102.Further, receiving unit 124 can be from a plurality of information source acquisition of informations, rather than only receive information from single information source.For example, receiving unit 124 can from a plurality of information sources (as key distribution server 102) that connect by wired or wireless network or under not by the situation of network directly or indirectly the information source (as the information medium such as optical disc unit, disk cell and portable terminal unit) of connection obtain information., shares receiving unit 124 information of directed graph I because certainly from another terminal unit 122 reception information, therefore can being configured it with another terminal unit 122 that for example belongs to identical distribution destination group.In this case, identical distribution destination group means the group of checking user (viewer user) of authorizing to the content of distributing from identical or a plurality of key distribution servers 102, and the user's that this is corresponding with the leaf node of above-mentioned tree structure set is corresponding.Further, can provide above-mentioned intermediate key to terminal unit in advance, and it is stored in the terminal unit.
(judging part 126)
Judge that part 126 judges that whether it comprise as the element of the random subset corresponding with the set key that is used for encrypting.Since terminal unit 122 only preserve be used to generate with its under the intermediate key of the corresponding set key of subclass, therefore must based on 102 that use by the key distribution server, in order to the relevant information of the set key of encrypted content or content key, judge in advance whether the subclass under it is included in the subclass corresponding with gathering key.Such judgement is undertaken by judgement part 126.With timing identical or different timings with content key, from key distribution server 102 distribution and the relevant information of set key that are used to encrypt, and by the described information of receiving unit 124 receptions.Be not included in the set key that is used for encrypting if judge the set key corresponding with its affiliated subclass, then terminal unit 122 finishes the processing of content keys, uses the intermediate key of himself preserving to generate the processing of set key and do not carry out.On the contrary, if found with its under the corresponding set key of subclass, then terminal unit 122 is by utilizing PRSG, uses the intermediate key of himself preserving to generate the set key.
(key generating portion 128)
For certain directed edge of forming directed graph I, when given intermediate key by the represented coordinate points of the afterbody of directed edge is distributed in input, 128 outputs of key generating portion with by the corresponding set key of the represented coordinate points of the afterbody of directed edge and with the corresponding intermediate key of head from all directed edges of the afterbody extension of directed edge.Thus, the key generating portion 114 that comprises in key generating portion 128 and the key distribution server 102 is corresponding.If key generating portion 128 is expressed as PRSG, if import the intermediate key t (S0) corresponding with certain coordinate points S0 of directed graph I, then output and its afterbody be positioned at the head of directed edge of coordinate points S0 corresponding intermediate key t (S1), t (S2) ..., t (Sm) and gather key k (S0).Notice that m represents that its afterbody is positioned at the quantity of the directed edge of certain coordinate points S0.Can obtain the information of directed graph I from key distribution server 102, perhaps it is stored in the storage area (not shown) that comprises in the terminal unit 122.
(decryption portion 130)
Configuration according to the terminal unit 122 of present embodiment has been described hereinbefore.As mentioned above, terminal unit 122 can generate the set key of expectation based on the special key formation logic (directed graph I) that is generated by the directed graph generating portion 110 that comprises in the above-mentioned key distribution server 102.As a result, for terminal unit 122, can reduce the quantity of generation in order to the intermediate key of the required preservation of set key of decrypted content keys.
<the second embodiment 〉
Then, description encryption key distribution scheme according to a second embodiment of the present invention.Pass through to generate the interim directed graph of forming by longer directed edge according to the encryption key distribution scheme of present embodiment, replace the directed edge of the interim directed graph of composition to rebuild directed graph thus with shorter directed edge then, can reduce for terminal unit 122, in order to generate the required amount of calculation of set key, reduce the quantity of the intermediate key that will preserve by terminal unit 122 simultaneously.Hereinafter, describe execution in detail according to the functional configuration of the key distribution server 152 of the encryption key distribution scheme of present embodiment, the feature and advantage of encryption key distribution scheme.Be the functional configuration of key distribution server 152 with the main distinction of above-mentioned first embodiment.Thus, by the substantially the same assembly of assembly among identical symbolic representation and above-mentioned first embodiment, and omit redundant description.
[configuration of key distribution server 152]
With reference to Figure 19, be described in more detail below configuration according to the key distribution server 152 of present embodiment.Figure 19 shows the block diagram according to the configuration of the key distribution server 152 of present embodiment and terminal unit 122.
As shown in figure 19, key distribution server 152 is provided with part 154, reference axis by tree structure and part 156, interim directed graph generating portion 158, directed graph generating portion 160, initial intermediate key are set part 162, key generating portion 164, encryption section 166, translator unit 168 and subclass determining section 170 are set form.Especially, tree structure being provided with part 154, reference axis is provided with part 156, interim directed graph generating portion 158 and directed graph generating portion 160 and is referred to as the key formation logic and makes up piece.Similarly, initial intermediate key is provided with part 162 and key generating portion 164 and is referred to as key generation piece.
Describe hereinafter and form the element that the key formation logic makes up piece.The key formation logic make up piece carry out with above-mentioned [basic fundamental description] in (setting of tree structure) and (oriented map generalization) corresponding processing.
(tree structure is provided with part 154)
Tree structure is provided with the binary tree that part 154 configuration is made up of n the leaf node that has distributed numbering 1 to n (n is a natural number) to it, root node and a plurality of intermediate node except root node and leaf node, and among a plurality of leaf nodes of the lower floor that is positioned at certain intermediate node v or root node v, the numbering that is positioned at the leaf node of left end is set to 1v, and the numbering that is positioned at the leaf node of right-hand member is set to rv.Further, tree structure be provided with part 154 will gather (1 → n) and the set (2 ← n) distribute to root node, if and certain intermediate node v is positioned at the left side of its father node, to gather then that (1v+1 ← rv) distributes to intermediate node, if intermediate node v is positioned at the right side of its father node, will gather then that (1v → rv-1) distributes to intermediate node.
As mentioned above, tree structure is provided with part 154 and has the configuration of situation that can construct m layer tree structure and hypothesis m=2 (binary tree), for example, can construct and the identical tree structure of binary tree structure (Fig. 3) according to basic scheme.Thus, by tree structure be provided with part 154 structure tree structure each node meaning with according to before the meaning of each node of binary tree structure of described basic scheme structure substantially the same.Although for the purpose of the convenience of describing, binary tree structure is only described hereinafter, it is not limited thereto.
(reference axis is provided with part 156)
Reference axis is provided with part 156 first horizontal axis is set, and (the relevant coordinate points of each subclass that comprises in 1 → n) becomes big mode to the right with degree of comprising and arranges with set on it.Then, reference axis is provided with part 156 second horizontal axis is set, and (the relevant coordinate points of each subclass that comprises in 2 ← n) becomes big mode left with degree of comprising and arranges with set on it.Then, for each intermediate node v, reference axis is provided with part 156 the 3rd horizontal axis is set, and (the relevant coordinate points of each subclass that comprises among the 1v → rv-1) becomes big mode to the right with degree of comprising and arranges with set on it.Further, for each intermediate node v, reference axis is provided with part 156 the 4th horizontal axis is set, and (the relevant coordinate points of each subclass that comprises among the 1v+1 ← rv) becomes big mode left with degree of comprising and arranges on described horizontal axis with set on it.After this, reference axis is provided with part 156 and two interim coordinate points all is held in place the right side of coordinate points of right-hand member of the 3rd horizontal axis and the left side of coordinate points that is positioned at the left end of the second and the 4th horizontal axis.Further, reference axis is provided with the coordinate points that part 156 is positioned at the right-hand member of first horizontal axis and is set to the first interim coordinate points, and the second interim coordinate points is placed on the first interim coordinate points right side.
As mentioned above, reference axis is provided with the reference axis that part 156 is provided for making up the directed graph corresponding with each node of the tree structure that part 154 configurations are set by tree structure.First horizontal axis is represented and set (1 → n) reference axis, second horizontal axis is represented and set (2 ← n) corresponding reference axis, the 3rd horizontal axis is represented and the set (reference axis of 1v → rv-1), and the 4th horizontal axis is represented and gather (the reference axis that 1v+1 ← rv) is corresponding.Owing to for each intermediate node v the 3rd horizontal axis and the 4th horizontal axis are set, therefore a plurality of reference axis are set respectively.Specifically, three horizontal axis identical with the quantity of intermediate node and the quantity of the 4th horizontal axis are set.
(interim directed graph generating portion 158)
Interim directed graph generating portion 158 is provided with given integer k, and calculates and satisfy n
(x-1)/k<(rv-1v+1)≤n
X/kNatural number x.Then, to x-1, interim directed graph generating portion 158 has length n by connection for each integer i=0
I/kOne or more dextrad directed edge, form its afterbody be positioned at first and three axes on the directed walk of coordinate points of the leftmost side, and further have length n by connection
I/kOne or more left-hand directed edge, form its afterbody be positioned at second and the 4-coordinate axle on the directed walk of coordinate points of the rightmost side.Then, interim directed graph generating portion 158 is got rid of all directed edges that its afterbody or head are positioned at interim coordinate points in first to the 4th horizontal axis each.Further, the directed edge of interim directed graph generating portion 158 each coordinate points on arriving first to the 4th horizontal axis, the directed edge of eliminating except the longest directed edge, generate thus respectively with set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant.After this, interim directed graph generating portion 158 is added the directed edge (its head is the coordinate points that is positioned at the right-hand member of first horizontal axis) with length 1 to that (1 → n-1) relevant interim directed graph generates thus and gathers (1 → n) relevant interim directed graph with set.
As mentioned above, interim directed graph generating portion 158 is by generating directed graph with the similar method of basic scheme.Yet, to compare with the directed graph of basic scheme, interim directed graph generating portion 158 can generate the directed graph of being made up of longer directed edge.This has reduced for each user, in order to derive the required amount of calculation (as hereinafter described) of set key.Describe the handling process of the processing of carrying out by interim directed graph generating portion 158 hereinafter in detail with reference to Figure 20.Figure 20 shows the flow chart of the handling process of the directed graph generation of being undertaken by interim directed graph generating portion 158.
With reference to Figure 20, interim directed graph generating portion 158 generates directed graph by following step.Describe by the mode of illustration and to generate and gather (the interim directed graph I ' that 1v → rv-1) the is corresponding (method of 1v → rv-1).
(step 1; S240) (each subclass that comprises among the 1v → rv-1) becomes big mode from left to right with degree of comprising arranges interim directed graph generating portion 158, and places it on the horizontal linear (horizontal axis) by gathering.Say that exactly interim directed graph generating portion 158 will (subset allocation of the element of 1v → rv-1) be given each coordinate points on the horizontal reference axis, and becomes big mode to the right with the degree of comprising of the subclass of being distributed and place coordinate points as set.Then, interim directed graph generating portion 158 is held in place two interim coordinate points on the right side of the coordinate points of the rightmost side on the horizontal axis.Distance L v from leftmost side coordinate points on the reference axis to rightmost side coordinate points is Lv=rv-1v+1.At this moment, interim directed graph generating portion 158 is calculated and is satisfied n
(x-1)/k<Lv≤n
X/kInteger x (1≤x≤k).
(step 2; S242) interim directed graph generating portion 158 integer value i are set to counting, and by carrying out following operation from the 0 counting i that changes to x-1.Begin from the starting point of the left end of horizontal axis, interim directed graph generating portion 158 repeats to extend to away from described coordinate points n
I/kThe setting of dextrad directed edge of coordinate points (jump to away from described coordinate points n
I/kCoordinate points), on the head of directed edge is up to the standard reference axis till the interim coordinate points of its right-hand member or left end or the head of the next directed edge that will be provided with surpass till the arbitrarily interim coordinate points.
(step 3; S244) deletion from the directed edge of creating (step 2) of interim directed graph generating portion 158 arrives all directed edges of interim coordinate points.
(step 4; S246) if there are a plurality of directed edges that arrive certain coordinate points, then interim directed graph generating portion 158 deletions all directed edges except the longest directed edge.
By above processing, interim directed graph generating portion 158 can be by compare the directed graph that longer directed edge is formed with basic scheme.Further, for all intermediate nodes and the root node of forming tree structure, interim directed graph generating portion 158 is by (method of 1v → rv-1) identical generates directed graph with above interim directed graph I '.For example, interim directed graph generating portion 158 generates the interim directed graph I ' corresponding with certain intermediate node v (1v → rv-1), and the further generation interim directed graph I ' corresponding with root node (1 → n) and I (2 ← n).On horizontal axis, form interim directed graph I ' (1v+1 → rv) and I (and 2 ← n), on described horizontal axis, in " direction left ", become big mode and arrange coordinate points with the degree of comprising of the subclass that comprises among each figure.Thus, put upside down by above (the coordinate points queueing discipline on the horizontal axis that step 1) is provided with.Further, ((two interim coordinate points of 2 ← n) are held in place the left side of the coordinate points of the leftmost side on the horizontal axis for 1v+1 → rv) and I will to be used to form interim directed graph I '.By (1 → n-1) generates directed graph I (1 → n) to add directed graph I to directed edge E ([1, n-1], [1, n]).
By utilizing above-mentioned oriented drawing generating method, generate the interim directed graph I ' shown in Figure 21.Figure 21 shows based on have the count complete binary tree of n=64 of leaf segment, the interim directed graph I ' that forms as shown in Figure 3 when parameter k=6 is set.
(directed graph generating portion 160)
Directed graph generating portion 160 determines to have the longest directed walk of the maximum quantity of the directed edge that forms directed walk among the directed walk that the directed edge that is connected by many is formed.Then, directed graph generating portion 160 is rebuild each directed walk by replace the directed edge that forms each directed walk with the set of shorter directed edge, so that be no more than the quantity of the directed edge of long directed walk of formation, and generate the directed graph of forming by the directed walk of rebuilding.
As mentioned above, directed graph generating portion 160 generates the directed graph I of expectation based on the interim directed graph I ' that is made up by interim directed graph generating portion 158.Specifically, although basic scheme only can generate substantially the same with interim directed graph I ' basically directed graph H, but the key distribution server 152 according to present embodiment can generate the directed graph I that represents more effective set key formation logic, and this is because it comprises directed graph generating portion 160.Be described in more detail below the handling process of the processing of carrying out by directed graph generating portion 160.
With reference to Figure 22, the summary of the oriented drawing generating method that is undertaken by directed graph generating portion 160 is described briefly.Figure 22 shows the flow chart of the example of the handling process that generates directed graph.
At first, directed graph generating portion 160 is used the interim directed graph I ' that is generated by interim directed graph generating portion 158, so that generate the directed graph I of expectation.
Then, directed graph generating portion 160 is extracted the longest directed walk LP (Longest Path) (S250) from the directed walk of the interim directed graph I ' that forms all generations.For example, the step of extracting directed walk LP can be assigned to carry out by the longest directed walk generating unit that comprises in the directed graph generating portion 160.Further, never comprise in each of interim directed graph I ' of all generations of the longest directed walk LP and extract the longest directed walk PLP (Partially Longest Path, part longest path) (S252).Therefore, extract directed walk PLP from each interim directed graph I '.After this, from the directed edge of forming interim directed graph I ', select given directed edge, and with shorter directed edge replace it (S254).At this moment, directed graph generating portion 160 based on the length of directed walk LP that is extracted and directed walk PLP, is carried out the replacement of directed edge under the condition that the worst-case value of aforementioned calculation amount does not increase.For example, above-mentioned given directed edge selects step to be assigned to carry out by the replacement directed edge selection portion that comprises in the directed graph generating portion 160.Further, for example, above-mentioned directed edge replacement step can be replaced part by the directed edge that comprises in the directed graph generating portion 160 and be carried out.
The summary that the directed graph that is undertaken by directed graph generating portion 160 generates step has been described hereinbefore.As mentioned above, directed graph generating portion 160 is extracted directed walk LP and directed walk PLP from the interim directed graph I ' that is generated by interim directed graph generating portion 158, select and replace given directed edge based on the length of those directed walks then, generate the directed graph of expectation thus.Provide hereinafter and the corresponding more detailed description of above-mentioned each step.
At first, the step of extracting the longest directed walk LP (S260) is described hereinafter with reference to Figure 23.Before the description of the longest directed walk LP, be defined as follows two expression formulas.
-DDT: the length of the longest directed walk LP of expression.
-J (a, b): be illustrated in have in certain directed walk length b, quantity is the continuous directed edge of a.
Directed graph generating portion 160 can for each directed walk of forming interim directed graph I ' calculate J (a, b).For example, consider that (1 → n) coordinate points [1,1] is expressed as J (n to the directed walk P ([1,1], [1, n]) of [1, n] with directed walk P ([1,1], [1, n]) from interim directed graph I '
1/k-1, n
(k-1)/k), J (n
1/k-1, n
(k-2)/k) ..., J
(n1/k, 1).Under the situation of the interim directed graph I ' that is generated by above-mentioned interim directed graph generating portion 158, directed walk LP forms interim directed graph I ' (1 → n) directed walk P ([1,1], [1, n]).Directed graph generating portion 160 can be extracted the longest directed walk LP or extract uniquely and form interim directed graph I ' (1 → n) directed walk P ([1,1], [1, n]), and in some cases, directed graph generating portion 160 can be calculated and form interim directed graph the I ' (length of all directed walks of 1 → n), and from wherein selecting the longest directed walk LP.At this moment, the length DDT with the longest directed walk LP is expressed as DDT=k* (n
1/ k-1).After this, directed graph generating portion 160 is provided with the effective activation tagging of expression to all directed edges that form the longest directed walk LP.
Then, with reference to Figure 24 the longest directed walk PLP of step calculate to(for) each the interim directed graph I ' (except comprising the figure of the longest directed walk LP) with root node and each intermediate node is described.Figure 24 shows the flow chart of the calculation procedure of directed walk PLP.
Before the step of describing for the longest directed walk PLP of each directed graph extraction, be defined as follows two expression formulas.
-CP (Current Path): the directed walk of being considered (being referred to as current path)
-#JP (CP): the quantity of the directed edge that comprises in the directed walk.
Directed graph generating portion 160 is extracted directed walk PLP based on following algorithm.
(step 1) directed graph generating portion 160 is determined from the current path CP of the origin-to-destination of directed graph I '.If the directed graph of being considered is directed graph I ' (a → b), then directed walk P ([a, a], [a, b]) is set to current path CP, and if directed graph I ' is (a ← b), then directed walk P ([b, b], [a, b]) is set to current path CP (S262).
(step 2) directed graph generating portion 160 is extracted the longest directed edge among the directed edge that forms current path CP, and its length is set to J (S264).
(step 3) directed graph generating portion 160 judges whether J≤1 sets up (S266), and if J≤1, then current path CP is defined as directed walk PLP, and activation tagging (S276) is set to all directed edges that form directed walk PLP.
If (step 4) J〉1, then directed graph generating portion 160 is judged #JP (CP)+n
1/kWhether-1≤DDT sets up (S168), and if #JP (CP)+n
1/k-1≤DDT is false, and then current path CP is defined as directed walk PLP, and to all directed edges that form directed walk PLP activation tagging (S276) is set.
If (step 5) #JP (CP)+n
1/k-1≤DDT, then directed graph generating portion 160 is calculated and is satisfied J=n
J/kNatural number j (S270).
(step 6) directed graph generating portion 160 is extracted the starting point directed edge (S272) farthest apart from current path CP among the directed edge with the length J that forms current path CP.
(step 7) directed graph generating portion 160 be right after from (afterbody of the directed edge that extracts the step 6) extend, have a length n
(j-1)/kQuantity be n
1/k-1Directed edge after, add and to have length n
(j-1)/kA directed edge, and remove at (the directed edge that extracts in the step 6) (S174).After this, proceed to that (step 1) also repeats above step.
If carry out the further replacement of directed edge, then when when the directed walk of the origin-to-destination of directed graph I ' is made up of the directed edge that all has length 1, perhaps when the quantity of the directed edge that forms directed walk surpasses DDT, (step 1) is to (the loop ends of the processing that occurs in the step 6) above-mentioned.By above processing, can be for the longest directed walk PLP of each directed graph setting.
With reference to Figure 25, the step of replacing given directed edge is described hereinafter.In this step, be no more than under the condition of DDT in the quantity of the directed edge that forms directed walk, for each directed walk, make up and replace the algorithm of the processing of given directed edge with shorter directed edge.
Directed graph generating portion 160 is replaced directed edge based on following algorithm.
(step 1) directed graph generating portion 160 is extracted and is set to activate, does not also have processed (do not have to be provided with and finish) and the longest directed edge among the directed edge of forming directed graph I '.Further, the length of the directed edge that extracted of directed graph generating portion 160 is set to J '.If have many directed edges, then the starting point of directed graph generating portion 160 chosen distance directed graph I ' directed edge (S280) farthest with length J '.Selected directed edge is called WJ (Working Jump), the starting point of directed edge WJ is called WJS, and terminal point is called WJE.Further, will form the quantitaes of directed edge that arrives the directed walk of WJS from the starting point of directed graph I ' is D.
(step 2) directed graph generating portion 160 judges whether the length J ' of directed edge WJ is J '≤1 (S282), if J '≤1, the then directed graph of only being made up of the directed edge that is set to the activate directed graph I (S302) that is set to expect.If J '〉1, then proceed to (step 3).
(if the length J ' of step 3) directed edge WJ is J '〉1, then directed graph generating portion 160 is set to current path CP (S284) from the directed walk that WJS arrives (WJE-1).(WJE-1) be the coordinate points that was right after before WJE.
(step 4) directed graph generating portion 160 is extracted the longest directed edge among the directed edge that forms current path CP, and its length is set to J (S286).
(step 5) directed graph generating portion 160 judges whether the length J of the directed edge that is extracted is J≤1 (S288), and if J≤1, then activation (S298) is set and finishes (S300) to directed edge WJ setting to all directed edges that form current path CP.After this, once more from the (processing of step 1).
If (step 6) J〉1, then directed graph generating portion 160 is judged #JP (CP)+n
1/kWhether-1≤DDT-D sets up (S290), and if #JP (CP)+n
1/k-1〉DDT-D then is provided with activation (S298) to all directed edges that form current path CP, and finishes (S300) to directed edge WJ setting.After this, once more from the (processing of step 1).
If (step 7) #JP (CP)+n
1/k-1≤DDT-D, then directed graph generating portion 160 is calculated and is satisfied J=n
J/kNatural number j (S292).
(step 8) directed graph generating portion 160 is extracted the starting point directed edge (S294) farthest apart from current path CP among the directed edge with length J that forms current path CP.
(step 9) directed graph generating portion 160 be right after from (afterbody of the directed edge that extracts the step 8) extend, have a length n
(j-1)/kQuantity be n
1/k-1Directed edge after, add and to have length n
(j-1)/kA directed edge, and remove at (the directed edge that extracts in the step 8) (S296).After this, proceed to that (step 3) also repeats above step.
If carry out the further replacement of directed edge, then when the directed walk from WJS to WJE-1 is made up of the directed edge that all has length 1, perhaps when the quantity of the directed edge that forms the directed walk from WJS to WJE-1 surpasses DDT, (step 3) is to (the loop ends of the processing that occurs in the step 9) above-mentioned.On the other hand, when any directed edge setting of forming directed graph I ' not being finished, and do not exist when having length 2 or longer directed edge, (step 1) is to (step 5) or the (loop ends of the processing that occurs in the step 6) above-mentioned.By above processing, can generate the directed graph I of expectation.
At last, show the example of the directed graph I that uses above-mentioned oriented drawing generating method and generate.Figure 26 shows the complete binary tree based on the quantity n=64 with leaf node shown in Figure 3, the directed graph I under the situation that parameter k=6 is set.
At first, directed graph H (Fig. 4) that will generate based on basic scheme and the directed graph I (Figure 26) according to present embodiment compare, and following 2 is conspicuous.(1) compare with directed graph H, in directed graph I, the quantity with length 2 or longer directed edge reduces, and the quantity of the directed edge that extends from a coordinate points reduces.(2) for the many directed walks on the directed graph I, the quantity of directed edge reduces.Thus, confirm to have generated the directed graph I that can reduce the worst-case value that generates the required amount of calculation of set key and reduce the quantity of the intermediate key that will preserve by the user.
In order to understand the effect that reduces number of keys according to present embodiment more quantitatively, the comparative result between basic scheme and present embodiment has been shown in the form in Figure 27.With reference to Figure 27, the average of the summation (sum of key) of the key that minimizing will be preserved by the user and the key that will preserve by the user.Although owing to have only the above result of acquisition in the so little execution of n=64 at number of users n, therefore as if the absolute value of the number of keys that will reduce is little, but, therefore be desirably in the effect that reduces in the execution environment and occur as very tangible difference because number of users differs greatly.Further, by forming the worst-case value that the quantitaes of the directed edge of long directed walk generates the required amount of calculation of set key, and when being (2k-1) * (n in value described in the directed graph H that generates based on basic scheme
1/k-1) time, in directed graph I, reduced half to k* (n according to present embodiment
1/k-1).
Described hereinbefore and generated the logic of directed graph that can reduce the worst-case value that generates the required amount of calculation of set key and reduce the quantity of the intermediate key that will preserve by the user.The structure of above-mentioned key formation logic (directed graph) mainly makes up piece by the key formation logic of forming key distribution server 152 and carries out.Yet in order to carry out encryption key distribution based on above key formation logic, other elements are essential.Thus, again with reference to Figure 19, other elements are described hereinafter.
Again with reference to Figure 19, except above-mentioned key formation logic made up piece, key distribution server 152 comprised that initial intermediate key is provided with part 162, key generating portion 164, encryption section 166, translator unit 168 and subclass determining section 170.
(initial intermediate key is provided with part 162)
Initial intermediate key be provided with part 162 for each corresponding directed graph I of each intermediate node of tree, generate the intermediate key corresponding with the initial coordinate point of directed graph I.For example, initial intermediate key is provided with part 162 and can uses pseudorandom number generator to generate random number, and random number is set to each intermediate key corresponding with above initial coordinate point (root), perhaps can be set to each intermediate key by given numerical value.
(key generating portion 164)
For certain directed edge of forming directed graph I, when the given intermediate key of the coordinate points of being represented by the afterbody of directed edge is distributed in input, the set key that key generating portion 164 output is corresponding with the coordinate points of being represented by the afterbody of directed edge and with the corresponding intermediate key of head from all directed edges of the afterbody extension of directed edge.Thus, key generating portion 164 is corresponding with the PRSG of basic scheme.Yet key generating portion 164 is with the different of PRSG of basic scheme: it is based on the directed graph I output intermediate key that is generated by directed graph generating portion 160.If key generating portion 164 is expressed as identical with PRSG, then when the input intermediate key t (S0) corresponding with certain coordinate points S0 of directed graph I, output and its afterbody be positioned at the head of directed edge of described coordinate points corresponding intermediate key t (S1), t (S2) ..., t (Sm) (S0 is corresponding with subclass) and gather key k (S0).Notice that m represents that its afterbody is positioned at the quantity of the directed edge of certain coordinate points S0.
(encryption section 166)
(translator unit 168)
Translator unit 168 will be sent to all users corresponding with leaf node by the content key that encryption section 166 is encrypted.Further, translator unit 168 is by distributing intermediate key to each user with reference to above-mentioned directed graph I.At this moment, translator unit 168 can with each with can derive per family with its under the mode of corresponding all intermediate key of subclass distribute the intermediate key of minimum requirement.Specifically, translator unit 168 can extract the affiliated subclass of distribution destination user of intermediate key from form the aggregation system Φ subclass of (with reference to above expression formula (1)), from the coordinate points of the directed graph I corresponding, select a coordinate points with the subclass of being extracted, so that in the subclass corresponding, do not comprise distribution destination user, and only the intermediate key corresponding with selected coordinate points is distributed to distribution destination user with the afterbody of the directed edge that reaches described coordinate points.Yet if the subclass under the distribution destination user of intermediate key is corresponding with the initial coordinate point of directed graph I, translator unit 168 can only be distributed to the intermediate key corresponding with initial coordinate point distribution destination user.Further, translator unit 168 can be as the directed graph distribution of information part of distributing the information of directed graph I to each user.Specifically, when each intermediate key of input, translator unit 168 can be distributed the relevant information of key schedule (as the key generator) with the PRSG that exports given intermediate key and set key based on directed graph I.
Be different from the communication channel of the channel that is used for content distribution by use, can before the distribution of content, carry out the distribution of intermediate key.For example, when in the manufacturing works of terminal unit, making terminal, can be from the intermediate key of key distribution server 152 each terminal of output, and it is recorded on the recording medium, and the intermediate key of each terminal unit of reading from recording medium can be stored in the corresponding terminal unit.
(subclass determining section 170)
The perhaps eliminating user's of the deciphering of content key set (R) in subclass determining section 170 is determined forbid it, and by using the union of the given subclass of from the subclass corresponding, selecting with the coordinate points of directed graph I, from all users' set (N), eliminate the set (R) of getting rid of the user, define the set (N R) of permitted user, determine to form one group of subclass of the set (N R) of permitted user then in the mode of the subclass quantity minimum of the set (N R) of forming permitted user.Subclass determining section 170 can be by forming as the lower part: permitted user set determining section is used for determining the set (N R) of permitted user; And permitted user subclass determining section, be used for determine forming one group of subclass of the set (N R) of permitted user.
In the above described manner by subclass determining section 170 determine to form permitted user set (N R=S1 ∪ S2 ∪ ... ∪ Sm; M is a natural number) subclass (S1, S2 ..., Sm) afterwards, translator unit 168 to each user distribute the set (N R) of permitted user or form the set (N R) of permitted user subclass (S1, S2 ..., Sm).Further, encryption section 166 use with the subclass of determining by subclass determining section 170 (S1, S2 ..., Sm) corresponding set key, come encrypted content or content key, and translator unit 168 with in encrypted perhaps content key be distributed to each user.
The configuration of key distribution server 152 has according to a preferred embodiment of the invention been described hereinbefore.As mentioned above, the feature of present embodiment is that mainly the key formation logic makes up the configuration of piece.Especially, present embodiment has the feature aspect the configuration of the directed graph generating portion 160 that is used to generate the directed graph of determining the key formation logic.Can generate the key formation logic (directed graph) of the quantity that can under not increasing for each user, reduce the intermediate key that to preserve by each user in order to the situation that generates the required amount of calculation of set key according to the directed graph generating portion 160 of present embodiment.As a result, can save the amount of calculation of each user, and can reduce the distribution cost that is used for distributing intermediate key to each user in order to preserve the required memory span of intermediate key and to be used for the key generation.
[application of encryption key distribution system 100]
The application of above-mentioned encryption key distribution system 100 is described at last, hereinafter.
(using 1)
At first, as using 1, figure 28 illustrates the configuration of broadcast encryption system 300.
Figure 28 shows the block diagram of the configuration of the broadcast encryption system that uses broadcasting satellite.In broadcast encryption system 300, encrypted data (being so-called ciphertext) are sent to receiver 310 via broadcast channel.Broadcast channel in the broadcast encryption system 300 is the satellite broadcasting distribution channels.For example, the data that transmit as ciphertext are the contents that comprise encryption key, voice data, video data, text data etc.The broadcasting trust centre of satellite television broadcasting equipment 302 (broadcast trusted center) 304 transmits data to broadcasting satellite 306.For example, broadcasting trust centre 304 selects to be used for encrypted secret key, the perhaps distribution of the encryption of control data and data.Broadcasting satellite 306 broadcast datas.The receiver of installing in dwelling house 310 comprises for example satellite broadcast reception converter, and receives the data of being broadcasted.A plurality of other receivers 310 also can receive the data of being broadcasted.By this way, broadcasting trust centre 304 can transmit data by each receiver 310 in the receiver group of being made up of receiver 310.As hereinafter described, broadcasting trust centre 304 can be deciphered the mode broadcast encryption data of the data of being broadcasted only to authorize receiver 310.Although Figure 28 shows the broadcast system that uses broadcasting satellite 306, also can use other broadcast channels, as wired TV and computer network.
Configuration as the broadcast encryption system 300 of encryption key distribution system 100 has been described hereinbefore.Sum up the relation with encryption key distribution system 100 briefly, it is corresponding with key distribution server 102 to broadcast trust centre 304 exactly, and receiver 310 is corresponding with receiver 122.Broadcasting satellite 306 is as the media of the network that connects them.
(using 2)
Then, as using 2, figure 29 illustrates the configuration of broadcast encryption system 400.
Figure 29 shows the block diagram of the configuration of the broadcast encryption system 400 that uses data medium.In broadcast encryption system 400, broadcast channel is the distribution of data medium.Broadcasting trust centre 404 in the medium manufacturer 402 is such as read-only medium (as CD-ROM, DVD-ROM etc.) with can rewrite in each the event data medium of the medium 406 the medium (as CD-RW, DVD-RW etc.) and store data.In read-only medium, broadcasting trust centre 404 encrypted content key of record and encrypted contents are so that only authorized user can decryption content and visited encrypted content (as sound, video, text etc.).On the other hand, can rewrite in the medium, the encrypted content key of broadcasting trust centre 404 records is so that only the record cell of Shou Quaning can record corresponding data in the recording medium.For example, medium manufacturer 402 sends to distribution agent such as retail shop with medium 406.The receiver 414 of distribution agent 408 in dwelling house 412 provides medium 410.For example, agent 408 is to people's sales media 410 in distribution, and this people brings medium 410 in the dwelling house 412 into, and medium 410 are inserted receivers 414.For example, receiver 414 can be read and playback media 410 in the unit of data of storage, as CD Player, DVD player and computer.As another concrete example, receiver 414 can be can be with data record in medium 410 and from the dish unit of medium 410 reading of data, as the DVD-RW driver.Broadcasting trust centre 404 can be deciphered the mode enciphered data of encrypted data only to authorize receiver 414.
Configuration as the broadcast encryption system 400 of an application of encryption key distribution system 100 has been described hereinbefore.Sum up the relation with encryption key distribution system 100 simply, it is corresponding with key distribution server 102 to broadcast trust centre 404 exactly, and receiver 414 is corresponding with receiver 122.Further, replace to connect their network, distribution media 406 and 410 distribution agent 408 exist as media.
Although describe the preferred embodiments of the present invention with reference to the accompanying drawings, the present invention is not limited thereto certainly.Apparent for a person skilled in the art, under the situation of the scope that does not break away from claim, can carry out various changes and modification, and be intended to comprising in the technical scope of the present invention.
For example, suppose that above-mentioned tree structure is provided with part 104 and forms the tree structure that branch becomes wideer from top to bottom, be not limited thereto, and tree structure can be such: branch becomes wideer from top to bottom, and it is wideer from left to right to become, or it is wideer to become from right to left.In this case, must change the definition of the subclass relevant so that be fit to it with each intermediate node.Yet change is to rotate the tree structure that part 104 configurations are set by above-mentioned tree structure simply, and identical under its meaning and any situation.Further, although interim directed graph generating portion 108 and directed graph generating portion 110 make up directed graph I ' and I by reference axis is set from left to right or from right to left, be identical with right change for having put upside down a left side.Specifically, although in the above description for convenience's sake, come defined parameters based on vertical direction or horizontal direction, but be based on ordinary people or those skilled in the art's general knowledge, even rotation or put upside down tree structure or directed graph to change vertical and horizontal relationship, this also is intended to be contained in identical technical scope.
For example, interim according to an embodiment of the invention directed graph generating portion 108 not only can generate interim directed graph based on above-mentioned basic scheme, can also generate interim directed graph based on another program.For example, interim directed graph can be to have the directed edge of length 1 and have the directed graph that the directed edge of length 2 forms by combination simply, perhaps can be towards directed graph more approaching or that place further from the position of the starting point of directed walk with longer directed edge.Certainly, it can be based on the interim directed graph that generates than the more complicated logic of above-mentioned basic scheme.By this way, the applicable scope of basic design of the present invention is not limited to above-mentioned basic scheme, but has covered the directed graph that generates by various schemes.Certainly, may further include according to the information process unit of present embodiment and obtain or receive obtaining part and can rebuilding directed graph of the directed graph that generates by another information process unit based on specified criteria.
For example, suppose that above-mentioned tree structure is provided with part 154 and forms the tree structure that branch becomes wideer from top to bottom, be not limited thereto, and tree structure can be such: branch becomes wideer from top to bottom, and it is wideer from left to right to become, or it is wideer to become from right to left.In this case, must change the definition of the subclass relevant so that be fit to it with each intermediate node.Yet change is to rotate the tree structure that part 104 configurations are set by above-mentioned tree structure simply, and identical under its meaning and any situation.Further, although interim directed graph generating portion 158 and directed graph generating portion 160 make up directed graph I ' and I by reference axis is set from left to right or from right to left, be identical with right change for having put upside down a left side.Specifically, although in the above description for convenience's sake, come defined parameters based on vertical direction or horizontal direction, but be based on ordinary people or those skilled in the art's general knowledge, even rotation or put upside down tree structure or directed graph to change vertical and horizontal relationship, this also is intended to be contained in identical technical scope.
For example, interim according to an embodiment of the invention directed graph generating portion 158 not only can generate interim directed graph based on above-mentioned basic scheme, can also generate interim directed graph based on another program.For example, interim directed graph can be towards directed graph more approaching or that place further from the position of the starting point of directed walk with longer directed edge.Certainly, it can be based on the interim directed graph that generates than the more complicated logic of above-mentioned basic scheme.By this way, the applicable scope of basic design of the present invention is not limited to above-mentioned basic scheme, but has covered the directed graph that generates by various schemes.Further, the information process unit according to present embodiment may further include the part of obtaining of obtaining given directed graph.In this case, information process unit can generate the set key based on the directed graph that is obtained.
Claims (55)
1, a kind of information process unit comprises:
Directed graph obtains part, is used for obtaining by replacing the directed graph that at least one directed edge of forming described interim directed graph generates at the interim directed graph of being made up of many directed edges with shorter directed edge; And
The key generating portion is used for the directed graph that obtains based on by described directed graph acquisition unit branch, generates to be used to encrypt or the set key of decryption content or content key.
2, information process unit according to claim 1, wherein
Generate described directed graph by replacing at least one directed edge of forming described interim directed graph, so that be no more than the maximum quantity of the continuous directed edge among many directed edges forming described interim directed graph with shorter directed edge.
3, information process unit according to claim 1, wherein
In response to the input of the intermediate key t (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output corresponding to the set key k (S) of the subclass S corresponding with described coordinate points and be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).
4, information process unit according to claim 1, wherein
In response to the input of the set key k (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., set key k (S1), the k (S2) of Sk ..., k (Sk).
5, information process unit according to claim 1 further comprises:
Initial intermediate key is provided with part, is used for given random number and is set to the intermediate key corresponding with the afterbody of each directed graph.
6, information process unit according to claim 1 further comprises:
Encryption section is used to use described set key to come encrypted content or content key.
7, information process unit according to claim 6 further comprises:
Translator unit is used for to transmitting the interior perhaps content key of being encrypted by described encryption section with some or all relevant terminal units of the leaf node 1 to n of forming given binary tree respectively, and wherein n is a natural number.
8, information process unit according to claim 1, wherein
Described directed graph acquisition unit branch obtains with directed edge that will be shorter towards the end points of each directed walk of being made up of continuous directed edge and the directed graph that the mode of placing is replaced.
9, information process unit according to claim 7 further comprises:
The subclass determining section, being used for by the subset definition with leaf node 1 to n is Si, the set (N R) of the terminal unit of the content of encrypting by use set key or content key is deciphered in definite permission, and definite satisfied (N R)=S1 ∪ S2 ∪ that gathers ... the m of ∪ Sm subclass S1 is to Sm.
10, information process unit according to claim 9, wherein
Described subclass determining section determine subclass S1 to Sm so that minimize m.
11, information process unit according to claim 9 further comprises:
Translator unit is used for transmitting the information of indication set (N R) or indication to described terminal unit and forms the information of the subclass S1 of set (N R) to Sm.
12, information process unit according to claim 1 further comprises:
Decryption portion is used for by using described set key to come decryption content or content key.
13, information process unit according to claim 12 further comprises:
Receiving unit, it is associated to n with one or more leaf nodes 1 of forming given binary tree, is used to receive the described set key of use and the interior perhaps content key encrypted, and wherein n is a natural number.
14, information process unit according to claim 13, wherein
By described receiving unit receive encrypted in perhaps encrypted content key can decipher by one or more information process units, described one or more information process unit is associated with leaf node as the element of S set, and described S set is included in the leaf node that is associated with himself among the S set i of the subclass that is defined as leaf node 1 to n.
15, a kind of information process unit,
By distributed to it number 1 to n, a n leaf node, a root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed in, wherein n is a natural number, and wherein among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, with the number definition of distributing to the leaf node that is positioned at left end is 1v, and the number definition that will distribute to the leaf node that is positioned at right-hand member is rv
For natural number i and j, i≤j wherein, suppose to gather (i → j) be expressed as i}, and i, i+1} ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be expressed as j}, and j, j-1} ..., j, j-1 ..., i+1, i}},
First horizontal axis is set, and described first horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 1 → n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right,
Second horizontal axis is set, and described second horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 2 ← n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left,
For each described intermediate node,
The 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v → rv-1) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and
The 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v+1 ← rv) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left
Described information process unit comprises:
Directed graph obtains part, is used to obtain the directed graph that generates by at least one directed edge of replacing the interim directed graph of composition with shorter directed edge, and described interim directed graph is according to satisfying n for given integer k
(x-1)/k<(rv-1v+1)≤n
X/kNatural number x, have length n by on first to the 4th horizontal axis, arranging
I/kMany directed edges form, i=0 wherein, 1 ..., x-1; And
The key generating portion is used for the directed graph that obtains based on by described directed graph acquisition unit branch, generates to be used to encrypt or the set key of decryption content or content key.
16, a kind of information process unit comprises:
Tree structure is provided with part, is used to dispose by having distributed to it number 1 to n's, n leaf node, a root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, i≤j wherein will be by gathering (i → j) be defined as { { i}, { i, i+1} ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, j, j-1} ..., { j, j-1 ..., i+1, i}}, among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv;
Reference axis is provided with part, in order to
First horizontal axis is set, and described first horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 1 → n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right,
Second horizontal axis, described second horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 2 ← n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left,
For each described intermediate node,
The 3rd horizontal axis, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v → rv-1) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and
The 4th horizontal axis, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v+1 ← rv) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and
An interim coordinate points is held in place first to the 4th horizontal axis left end coordinate points the left side and be positioned at the right side of coordinate points of the right-hand member of second to the 4th horizontal axis, and the coordinate points that is positioned at the right-hand member of first horizontal axis is set to interim coordinate points;
Interim directed graph generating portion, in order to
By
Given integer k is set,
N is satisfied in calculating
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and
For each integer i=0 to x-1,
Has length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis,
Has length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis,
For in first to the 4th horizontal axis each, get rid of and have the afterbody that is positioned at interim coordinate points or all directed edges of head, and
Get rid of the directed edge except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis,
Generate respectively with set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, and
Add by the directed edge that the head of coordinate points length 1, that have the right-hand member that is positioned at first horizontal axis will be had that (1 → n-1) relevant interim directed graph generates and gathers (1 → n) relevant interim directed graph with set to; And
The directed graph generating portion is used for generating directed graph by replacing remaining directed edge with shorter directed edge.
17, information process unit according to claim 16 comprises:
The key generating portion is used for generating the set key that is used for encrypted content or content key based on described directed graph.
18, information process unit according to claim 17, wherein
In response to the input of the intermediate key t (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output corresponding to the set key k (S) of the subclass S corresponding with described coordinate points and be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).
19, information process unit according to claim 17, wherein
In response to the input of the set key k (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., set key k (S1), the k (S2) of Sk ..., k (Sk).
20, a kind of terminal unit comprises:
The key generating portion is used for generating the set key that is used for decryption content or content key based on directed graph, and wherein said directed graph obtains as follows:
Configuration numbers 1 to n's by having distributed to it, n leaf node, a root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, wherein i≤j will gather (i → j) be defined as { { i}, { i, i+1} ..., { i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv;
First horizontal axis is set, and described first horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 1 → n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right,
Second horizontal axis, described second horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 2 ← n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left,
For each described intermediate node,
The 3rd horizontal axis, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v → rv-1) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and
The 4th horizontal axis, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v+1 ← rv) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and
An interim coordinate points is held in place first to the 4th horizontal axis left end coordinate points the left side and be positioned at the right side of coordinate points of the right-hand member of second to the 4th horizontal axis, and the coordinate points that is positioned at the right-hand member of first horizontal axis is set to interim coordinate points;
By
Given integer k is set,
N is satisfied in calculating
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and
For each integer i=0 to x-1,
Has length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis,
Has length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis,
For in first to the 4th horizontal axis each, get rid of and have the afterbody that is positioned at interim coordinate points or all directed edges of head, and
Get rid of the directed edge except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis,
Generate respectively with set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, and
Add by the directed edge that the head of coordinate points length 1, that have the right-hand member that is positioned at first horizontal axis will be had that (1 → n-1) relevant interim directed graph generates and gathers (1 → n) relevant interim directed graph with set to;
Among by the directed walk that forms of residue directed edge, determine to have the longest directed walk of maximum quantity of the directed edge of composition directed walk, and
The quantity of the directed edge by each directed walk is no more than the mode of the quantity of the directed edge of long directed walk, replaces the directed edge of forming each directed walk with shorter directed edge.
21, terminal unit according to claim 20 further comprises:
Decryption portion, be used for by use described set key decipher encrypted in perhaps encrypted content key.
22, terminal unit according to claim 20, wherein
In response to the input of the intermediate key t (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output corresponding to the set key k (S) of the subclass S corresponding with described coordinate points and with corresponding subclass S1, the S2 of the coordinate points of the head that is positioned at directed edge with the afterbody that is positioned at described coordinate points ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).
23, terminal unit according to claim 20, wherein
In response to the input of the set key k (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., set key k (S1), the k (S2) of Sk ..., k (Sk).
24, terminal unit according to claim 21, wherein
Decryption portion is deciphered encrypted content key by using described set key, and uses through the content key of deciphering and decipher encrypted content.
25, terminal unit according to claim 20 comprises:
Wherein the subset definition of leaf node 1 to n with tree is Si, and
When the set N that has determined to allow deciphering by the terminal unit of the content using described set key or described content key and encrypt R, determine to satisfy set N R=S1 ∪ S2 ∪ ... the m of ∪ Sm subclass S1 is to Sm, and receive indication set N the information of R or indication form set N the subclass S1 of R during to the information of Sm
Judge part, be used for judging based on received information whether described terminal unit belongs to subclass S1 to any one of Sm, and judge the deciphering that whether allows encrypted content based on result of determination.
26, terminal unit according to claim 25, wherein
When judging that described terminal unit belongs to subclass S1 any one in Sm, decryption portion by use with described terminal unit under the corresponding set key of subclass come decryption content or content key.
27, a kind of information processing method comprises:
The directed graph obtaining step obtains by replace the directed graph that at least one directed edge of forming described interim directed graph generates with shorter directed edge in the interim directed graph of being made up of many directed edges; And
Key generates step, based on the directed graph that is obtained by described directed graph acquisition unit branch, generates and is used to encrypt or the set key of decryption content or content key.
28, a kind of information processing method,
By distributed to it number 1 to n, a n leaf node, a root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed in, wherein n is a natural number, and wherein among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, with the number definition of distributing to the leaf node that is positioned at left end is 1v, and the number definition that will distribute to the leaf node that is positioned at right-hand member is rv
For natural number i and j, i≤j wherein, suppose to gather (i → j) be expressed as i}, and i, i+1} ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be expressed as j}, and j, j-1} ..., j, j-1 ..., i+1, i}},
First horizontal axis is set, and described first horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 1 → n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right,
Second horizontal axis is set, and described second horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 2 ← n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left,
For each described intermediate node,
The 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v → rv-1) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and
The 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v+1 ← rv) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left
Described information processing method comprises:
The directed graph obtaining step obtains the directed graph that generates by at least one directed edge of replacing the interim directed graph of composition with shorter directed edge, and described interim directed graph is according to satisfying n for given integer k
(x-1)/k<(rv-1v+1)≤n
X/kNatural number x, have length n by on first to the 4th horizontal axis, arranging
I/kMany directed edges form, i=0 wherein, 1 ..., x-1; And
Key generates step, based on the directed graph that is obtained by described directed graph acquisition unit branch, generates and is used to encrypt or the set key of decryption content or content key.
29, a kind of information processing method comprises:
Tree structure is provided with step:
Configuration numbers 1 to n's by having distributed to it, n leaf node, a root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, i≤j wherein will be by gathering (i → j) be defined as { { i}, { i, i+1} ..., { i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv;
Reference axis is provided with step:
First horizontal axis is set, and described first horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 1 → n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right,
Second horizontal axis, described second horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 2 ← n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left,
For each described intermediate node,
The 3rd horizontal axis, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v → rv-1) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and
The 4th horizontal axis, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v+1 ← rv) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and
An interim coordinate points is held in place first to the 4th horizontal axis left end coordinate points the left side and be positioned at the right side of coordinate points of the right-hand member of second to the 4th horizontal axis, and the coordinate points that is positioned at the right-hand member of first horizontal axis is set to interim coordinate points;
Interim directed graph generates step:
By
Given integer k is set,
N is satisfied in calculating
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and
For each integer i=0 to x-1,
Has length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis,
Has length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis,
For in first to the 4th horizontal axis each, get rid of and have the afterbody that is positioned at interim coordinate points or all directed edges of head, and
Get rid of the directed edge except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis,
Generate respectively with set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, and
Add by the directed edge that the head of coordinate points length 1, that have the right-hand member that is positioned at first horizontal axis will be had that (1 → n-1) relevant interim directed graph generates and gathers (1 → n) relevant interim directed graph with set to;
The longest directed walk determining step among the directed walk that is formed by continuous directed edge, determines to have the longest directed walk of the maximum quantity of the directed edge of forming directed walk; And
Directed graph generates step, is no more than the mode of the quantity of the directed edge of long directed walk by the quantity with the directed edge of each directed walk, replaces the directed edge of forming each directed walk with shorter directed edge and generates directed graph.
30, a kind of key generation method comprises:
Key generates step, generates the set key that is used for decryption content or content key based on directed graph, and wherein said directed graph obtains as follows:
Configuration numbers 1 to n's by having distributed to it, n leaf node, a root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, wherein i≤j will gather (i → j) be defined as { { i}, { i, i+1} ..., { i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv;
First horizontal axis is set, and described first horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 1 → n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right,
Second horizontal axis, described second horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 2 ← n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left,
For each described intermediate node,
The 3rd horizontal axis, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v → rv-1) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and
The 4th horizontal axis, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v+1 ← rv) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and
An interim coordinate points is held in place first to the 4th horizontal axis left end coordinate points the left side and be positioned at the right side of coordinate points of the right-hand member of second to the 4th horizontal axis, and the coordinate points that is positioned at the right-hand member of first horizontal axis is set to interim coordinate points;
By
Given integer k is set,
N is satisfied in calculating
(x-1)/k<(rv-lv+1)≤n
X/kInteger x, and
For each integer i=0 to x-1,
Has length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis,
Has length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis,
For in first to the 4th horizontal axis each, get rid of and have the afterbody that is positioned at interim coordinate points or all directed edges of head, and
Get rid of the directed edge except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis,
Generate respectively with set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, and
Add by the directed edge that the head of coordinate points length 1, that have the right-hand member that is positioned at first horizontal axis will be had that (1 → n-1) relevant interim directed graph generates and gathers (1 → n) relevant interim directed graph with set to;
Among by the directed walk that forms of residue directed edge, determine to have the longest directed walk of maximum quantity of the directed edge of composition directed walk, and
The quantity of the directed edge by each directed walk is no more than the mode of the quantity of the directed edge of long directed walk, replaces the directed edge of forming each directed walk with shorter directed edge.
31, a kind of information process unit comprises:
Directed graph obtains part, be used for obtaining by at the interim directed graph of forming by many directed edges, be retained in long directed edge among many directed edges forming described interim directed graph and replace at least one directed edge that stays and the directed graph that generates with shorter directed edge; And
The key generating portion is used for the directed graph that obtains based on by described directed graph acquisition unit branch, generates to be used to encrypt or the set key of decryption content or content key.
32, information process unit according to claim 31, wherein
In response to the input of the intermediate key t (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output corresponding to the set key k (S) of the subclass S corresponding with described coordinate points and be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).
33, information process unit according to claim 31, wherein
In response to the input of the set key k (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., set key k (S1), the k (S2) of Sk ..., k (Sk).
34, information process unit according to claim 31 further comprises:
Encryption section is used to use described set key to come encrypted content or content key.
35, information process unit according to claim 34 further comprises:
Translator unit is used for to transmitting the interior perhaps content key of being encrypted by described encryption section with some or all relevant terminal units of the leaf node 1 to n of forming given binary tree respectively, and wherein n is a natural number.
36, information process unit according to claim 31, wherein
Described directed graph acquisition unit branch obtains with directed edge that will be shorter towards the end points of each directed walk of being made up of continuous directed edge and the mode of placing is replaced the directed graph of directed edge.
37, information process unit according to claim 35 further comprises:
The subclass determining section, by the subset definition with leaf node 1 to n is Si, be used for determine allowing the set N of deciphering by the terminal unit of the content using set key or content key and encrypt R, and definite satisfied set N R=S1 ∪ S2 ∪ ... the m of ∪ Sm subclass S1 is to Sm, so that minimize m.
38, according to the described information process unit of claim 37, further comprise:
Translator unit, be used for to described terminal unit transmit indication set N the information of R or indication form set N the subclass S1 of R to the information of Sm.
39, information process unit according to claim 31 further comprises:
Decryption portion is used for by using described set key to come decryption content or content key.
40, according to the described information process unit of claim 39, further comprise:
Receiving unit, it is relevant with one or more leaf nodes 1 to n of forming given binary tree, and wherein n is a natural number, is used to receive the interior perhaps content key that uses described set key and encrypt.
41, according to the described information process unit of claim 40, wherein
By described receiving unit receive encrypted in perhaps encrypted content key can decipher by one or more information process units, described one or more information process unit is relevant with leaf node as the element of S set, and described S set is included in the leaf node relevant with himself among the S set i of the subclass that is defined as leaf node 1 to n.
42, a kind of information process unit satisfies n in order to basis for given integer k
(x-1)/k<(rv-1v+1)≤n
X/kNatural number x, handle by on the first and the 4th horizontal axis, arranging and have length n
I/kMany directed edges and the interim directed graph that forms, i=0 wherein, 1 ..., x-1,
By distributed to it number 1 to n, a n leaf node, a root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed in, wherein n is a natural number, and wherein at a plurality of leaf nodes that are arranged under certain intermediate node v or certain the root node v, with the number definition of distributing to the leaf node that is positioned at left end is 1v, and the number definition that will distribute to the leaf node that is positioned at right-hand member is rv
For natural number i and j, i≤j wherein, will gather (i → j) be defined as i}, and i, i+1} ..., i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as j}, and j, j-1} ..., j, j-1 ..., i+1, i}};
First horizontal axis is set, and described first horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 1 → n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right,
Second horizontal axis is set, and described second horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 2 ← n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left,
For each described intermediate node,
The 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v → rv-1) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and
The 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v+1 ← rv) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left
Described information process unit comprises:
Interim directed graph obtains part, is used to obtain interim directed graph;
The directed graph generating portion is used for generating directed graph by long directed edge among many directed edges that are retained in the described interim directed graph that composition obtains by described interim directed graph acquisition unit branch;
The longest directed walk determining section is used to determine among many directed edges forming described directed graph the maximum quantity of directed edge continuously;
Directed edge is replaced part, is used for rebuilding described directed graph by replacing at least one directed edge of forming described directed graph with shorter directed edge, so that be no more than the maximum quantity of continuous directed edge; And
The key generating portion is used for generating the set key that is used for encrypted content or content key based on replacing the described directed graph that part is rebuild by described directed edge.
43, a kind of information process unit comprises:
Tree structure is provided with part, and configuration numbers 1 to n's by having distributed to it, n leaf node, a root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, i≤j wherein will be by gathering (i → j) be defined as { { i}, { i, i+1} ..., { i, i+1, ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, j, j-1} ..., { j, j-1 ..., i+1, i}}, at a plurality of leaf nodes that are arranged under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv;
Reference axis is provided with part, in order to
First horizontal axis is set, and described first horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 1 → n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right,
Second horizontal axis, described second horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 2 ← n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left,
For each described intermediate node,
The 3rd horizontal axis, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v → rv-1) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and
The 4th horizontal axis, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v+1 ← rv) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and
Two interim coordinate points all are held in place the right side of coordinate points of right-hand member of the 3rd horizontal axis and the left side of coordinate points that is positioned at the left end of the second and the 4th horizontal axis; And
The coordinate points that is positioned at the right-hand member of first horizontal axis is set to the first interim coordinate points, and the second interim coordinate points is placed on the right side of the described first interim coordinate points;
Interim directed graph generating portion, in order to
By
Given integer k is set,
N is satisfied in calculating
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and
For each integer i=0 to x-1,
The one or more dextrad directed edge that has a length ni/k by connection forms the directed walk of the afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis,
Has length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis,
For in first to the 4th horizontal axis each, get rid of and have the afterbody that is positioned at interim coordinate points or all directed edges of head, and
Get rid of the directed edge except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis,
Generate respectively with set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, and
By with have length 1, have the directed edge that is positioned at the head of the first interim coordinate points on first horizontal axis and add that (1 → n-1) relevant interim directed graph generates and gathers (1 → n) relevant interim directed graph with set to;
The longest directed walk determining section is used among the directed walk that is formed by continuous directed edge, determines to have the longest directed walk of the maximum quantity of the directed edge of forming described directed walk; And
Directed graph generating portion, the quantity that is used for the directed edge by each directed walk are no more than the mode of the quantity of the directed edge of long directed walk, replace the directed edge of forming each bar directed walk with shorter directed edge and generate directed graph.
44, according to the described information process unit of claim 43, comprising:
The key generating portion is used for generating the set key that is used for encrypted content or content key based on described directed graph.
45, according to the described information process unit of claim 44, wherein
In response to the input of the intermediate key t (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output corresponding to the set key k (S) of the subclass S corresponding with described coordinate points and be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).
46, according to the described information process unit of claim 44, wherein
In response to the input of the set key k (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., set key k (S1), the k (S2) of Sk ..., k (Sk).
47, a kind of terminal unit comprises:
The key generating portion is used for generating the set key that is used for decryption content or content key based on directed graph, and wherein said directed graph obtains as follows:
Configuration numbers 1 to n's by having distributed to it, n leaf node, a root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, wherein i≤j will gather (i → j) be defined as { { i}, { i, i+1} ..., { i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv;
First horizontal axis is set, and described first horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 1 → n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right,
Second horizontal axis, described second horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 2 ← n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left,
For each described intermediate node,
The 3rd horizontal axis, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v → rv-1) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and
The 4th horizontal axis, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v+1 ← rv) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and
Two interim coordinate points all are held in place the right side of coordinate points of right-hand member of the 3rd horizontal axis and the left side of coordinate points that is positioned at the left end of the second and the 4th horizontal axis;
The coordinate points that is positioned at the right-hand member of first horizontal axis is set to the first interim coordinate points, and the second interim coordinate points is placed on the right side of the first interim coordinate points,
By
Given integer k is set,
N is satisfied in calculating
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and
For each integer i=0 to x-1,
Has length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis,
Has length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis,
For in first to the 4th horizontal axis each, get rid of and have the afterbody that is positioned at interim coordinate points or all directed edges of head, and
Get rid of the directed edge except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis,
Generate respectively with set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant,
By with have directed edge length 1, that have the head of the first interim coordinate points that is positioned at first horizontal axis add to set (1 → n-1) relevant interim directed graph, generate with gather (1 → n) relevant interim directed graph,
Among the directed walk that forms by continuous directed edge, determine to have the longest directed walk of the maximum quantity of the directed edge of forming directed walk, and
The quantity of the directed edge by each directed walk is no more than the mode of the quantity of the directed edge of long directed walk, replaces the directed edge of forming each directed walk with shorter directed edge.
48, according to the described terminal unit of claim 47, wherein
In response to the input of the intermediate key t (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output corresponding to the set key k (S) of the subclass S corresponding with described coordinate points and be positioned at the head of directed edge with the afterbody that is positioned at described coordinate points coordinate points S1, S2 ..., intermediate key t (S1), the t (S2) of Sk ..., t (Sk).
49, according to the described terminal unit of claim 47, wherein
In response to the input of the set key k (S) of the subclass S corresponding with certain coordinate points in the described directed graph, described key generating portion output be positioned at the head of directed edge with the afterbody that is positioned at coordinate points S coordinate points S1, S2 ..., set key k (S1), the k (S2) of Sk ..., k (Sk).
50, according to the described terminal unit of claim 48, further comprise:
Decryption portion is used to use described set key to decipher encrypted content key, and uses through the content key of deciphering and decipher encrypted content.
51, according to the described terminal unit of claim 50, further comprise:
Wherein the subset definition of leaf node 1 to n with tree is Si, and
When the set N that has determined to allow deciphering by the terminal unit of the content using described set key or described content key and encrypt R, determine to satisfy set N R=S1 ∪ S2 ∪ ... the m of ∪ Sm subclass S1 is to Sm, and receive indication set N the information of R or indication form set N the subclass S1 of R during to the information of Sm
Judge part, be used for judging based on received information whether described terminal unit belongs to subclass S1 to any one of Sm, and judge the deciphering that whether allows encrypted content, wherein based on result of determination
When judging that described terminal unit belongs to subclass S1 any one in Sm, described decryption portion use the set key corresponding with the affiliated subclass of described terminal unit decipher described in content key perhaps.
52, a kind of information processing method comprises:
The directed graph obtaining step, in the interim directed graph of forming by many directed edges, obtain by keeping long directed edge among many directed edges of described interim directed graph and replace the directed graph that at least one directed edge that stays generates forming with shorter directed edge; And
Key generates step, based on the directed graph that is obtained by described directed graph acquisition unit branch, generates and is used to encrypt or the set key of decryption content or content key.
53, a kind of information processing method satisfies n in order to basis for given integer k
(x-1)/k<(rv-1v+1)≤n
X/kNatural number x, handle by on the first and the 4th horizontal axis, arranging and have length n
I/kMany directed edges and the interim directed graph that forms, i=0 wherein, 1 ..., x-1,
By distributed to it number 1 to n, a n leaf node, a root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed in, wherein n is a natural number, and wherein at a plurality of leaf nodes that are arranged under certain intermediate node v or certain the root node v, with the number definition of distributing to the leaf node that is positioned at left end is 1v, and the number definition that will distribute to the leaf node that is positioned at right-hand member is rv
For natural number i and j, i≤j wherein, will gather (i → j) be defined as i}, and i, i+1} ..., i, i+1 ..., i-1, j}}, and will gather (i ← j) be defined as j}, and j, j-1} ..., j, j-1 ..., i+1, i}};
First horizontal axis is set, and described first horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 1 → n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right,
Second horizontal axis is set, and described second horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 2 ← n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left,
For each described intermediate node,
The 3rd horizontal axis is set, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v → rv-1) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and
The 4th horizontal axis is set, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v+1 ← rv) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left
Described information processing method comprises:
Interim directed graph obtaining step obtains interim directed graph;
Directed graph generates step, generates directed graph by keep long directed edge among many directed edges forming the described interim directed graph that is obtained by described interim directed graph acquisition unit branch;
The longest directed walk determining step among many directed edges forming described directed graph, is determined the maximum quantity of continuous directed edge;
The directed edge replacement step is rebuild described directed graph by replacing at least one directed edge of forming described directed graph with shorter directed edge, so that be no more than the maximum quantity of continuous directed edge, and
Key generates step, based on replacing the described directed graph that part is rebuild by described directed edge, generates the set key that is used for encrypted content or content key.
54, a kind of information processing method comprises:
Tree structure is provided with step:
Configuration numbers 1 to n's by having distributed to it, n leaf node, a root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, wherein n is a natural number, and for natural number i and j, i≤j wherein will be by gathering (i → j) be defined as { { i}, { i, i+1} ..., { i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv;
Reference axis is provided with step:
First horizontal axis is set, and described first horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 1 → n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right,
Second horizontal axis, described second horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 2 ← n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left,
For each described intermediate node,
The 3rd horizontal axis, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v → rv-1) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and
The 4th horizontal axis, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v+1 ← rv) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and
Two interim coordinate points all are held in place the right side of coordinate points of right-hand member of the 3rd horizontal axis and the left side of coordinate points that is positioned at the left end of the second and the 4th horizontal axis, and
The coordinate points that is positioned at the right-hand member of first horizontal axis is set to the first interim coordinate points, and the second interim coordinate points is placed on the right side of the first interim coordinate points;
Interim directed graph generates step:
By
Given integer k is set,
N is satisfied in calculating
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and
For each integer i=0 to x-1,
Has length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis,
Has length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis,
For in first to the 4th horizontal axis each, get rid of and have the afterbody that is positioned at interim coordinate points or all directed edges of head, and
Get rid of the directed edge except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis,
Generate respectively with set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant, and
By with have length 1, have the directed edge that is positioned at the head of the first interim coordinate points on first horizontal axis and add that (1 → n-1) relevant interim directed graph generates and gathers (1 → n) relevant interim directed graph with set to;
The longest directed walk determining step among the directed walk that is formed by continuous directed edge, determines to have the longest directed walk of the maximum quantity of the directed edge of forming described directed walk; And
Directed graph generates step, and the quantity of the directed edge by each directed walk is no more than the mode of the quantity of the directed edge of long directed walk, replaces the directed edge of forming each directed walk with shorter directed edge and generates directed graph.
55, a kind of key generation method comprises:
Key generates step, generates the set key that is used for decryption content or content key based on directed graph, and wherein said directed graph obtains as follows:
Configuration numbers 1 to n's by having distributed to it, n leaf node, a root node and be different from root node and binary tree that a plurality of intermediate nodes of leaf node are formed, n is a natural number, and for natural number i and j, wherein i≤j will gather (i → j) be defined as { { i}, { i, i+1} ..., { i, i+1 ..., j-1, j}}, and will gather (i ← j) be defined as { { j}, { j, j-1}, ..., { j, j-1, ..., i+1, i}} is among a plurality of leaf nodes that are positioned under certain intermediate node v or certain the root node v, the numbering of distributing to the leaf node that is positioned at left end is set to 1v, and the numbering of distributing to the leaf node that is positioned at right-hand member is set to rv;
First horizontal axis is set, and described first horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 1 → n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right,
Second horizontal axis, described second horizontal axis is relevant with root node, and have respectively with set (subclass that comprises in 2 ← n) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left,
For each described intermediate node,
The 3rd horizontal axis, described the 3rd horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v → rv-1) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from left to right, and
The 4th horizontal axis, described the 4th horizontal axis is relevant with certain intermediate node v, and have respectively with set (subclass that comprises among the 1v+1 ← rv) relevant and be arranged in coordinate points on the horizontal axis in the mode that degree of comprising increases from right to left, and
Two interim coordinate points all are held in place the right side of coordinate points of right-hand member of the 3rd horizontal axis and the left side of coordinate points that is positioned at the left end of the second and the 4th horizontal axis;
The coordinate points that is positioned at the right-hand member of first horizontal axis is set to the first interim coordinate points, and the second interim coordinate points is placed on the right side of the first interim coordinate points,
By
Given integer k is set,
N is satisfied in calculating
(x-1)/k<(rv-1v+1)≤n
X/kInteger x, and
For each integer i=0 to x-1,
Has length n by connection
I/kOne or more dextrad directed edge form the directed walk of afterbody with the leftmost side coordinate points that is positioned at the first and the 3rd horizontal axis,
Has length n by connection
I/kOne or more left-hand directed edge form the directed walk of afterbody with the rightmost side coordinate points that is positioned at the second and the 4th horizontal axis,
For in first to the 4th horizontal axis each, get rid of and have the afterbody that is positioned at interim coordinate points or all directed edges of head, and
Get rid of the directed edge except the longest directed edge the directed edge of each coordinate points on arriving first to the 4th horizontal axis,
Generate respectively with set (1 → n-1), set (2 ← n), set (1v+1 ← rv) and gather (the interim directed graph that 1v → rv-1) is relevant,
By with have directed edge length 1, that have the head of the first interim coordinate points that is positioned at first horizontal axis add to set (1 → n-1) relevant interim directed graph, generate with gather (1 → n) relevant interim directed graph,
Among the directed walk that forms by continuous directed edge, determine to have the longest directed walk of the maximum quantity of the directed edge of forming directed walk, and
The quantity of the directed edge by each directed walk is no more than the mode of the quantity of the directed edge of long directed walk, replaces the directed edge of forming each directed walk with shorter directed edge.
Applications Claiming Priority (5)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2006310182A JP2008131072A (en) | 2006-11-16 | 2006-11-16 | Information processor, terminal device, information processing method, and key generation method |
| JP310226/2006 | 2006-11-16 | ||
| JP310182/2006 | 2006-11-16 | ||
| JP2006310226A JP2008131079A (en) | 2006-11-16 | 2006-11-16 | Information processor, terminal device, information processing method, and key generation method |
| PCT/JP2007/069387 WO2008059672A1 (en) | 2006-11-16 | 2007-10-03 | Information processing device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101536401A true CN101536401A (en) | 2009-09-16 |
| CN101536401B CN101536401B (en) | 2013-06-05 |
Family
ID=39556535
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200780042720.2A Expired - Fee Related CN101536401B (en) | 2006-11-16 | 2007-10-03 | Information processing device |
Country Status (2)
| Country | Link |
|---|---|
| JP (1) | JP2008131072A (en) |
| CN (1) | CN101536401B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102833271A (en) * | 2012-09-20 | 2012-12-19 | 桂林电子科技大学 | Solution for potential safety hazards in VPN (virtual private network) |
| CN107925577A (en) * | 2014-06-13 | 2018-04-17 | 百可德罗德公司 | The method and computer program product for generating and managing for encryption key |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2008131079A (en) * | 2006-11-16 | 2008-06-05 | Sony Corp | Information processor, terminal device, information processing method, and key generation method |
| EP2086160A1 (en) | 2006-11-16 | 2009-08-05 | Sony Corporation | Information processing device |
| JP5197424B2 (en) * | 2009-02-19 | 2013-05-15 | 三菱電機株式会社 | COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMMUNICATION PROGRAM |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2008131079A (en) * | 2006-11-16 | 2008-06-05 | Sony Corp | Information processor, terminal device, information processing method, and key generation method |
-
2006
- 2006-11-16 JP JP2006310182A patent/JP2008131072A/en active Pending
-
2007
- 2007-10-03 CN CN200780042720.2A patent/CN101536401B/en not_active Expired - Fee Related
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102833271A (en) * | 2012-09-20 | 2012-12-19 | 桂林电子科技大学 | Solution for potential safety hazards in VPN (virtual private network) |
| CN102833271B (en) * | 2012-09-20 | 2014-11-26 | 桂林电子科技大学 | Solution for potential safety hazards in VPN (virtual private network) |
| CN107925577A (en) * | 2014-06-13 | 2018-04-17 | 百可德罗德公司 | The method and computer program product for generating and managing for encryption key |
| CN107925577B (en) * | 2014-06-13 | 2020-04-24 | 百可德罗德公司 | Method and computer readable medium for encryption key generation and management |
Also Published As
| Publication number | Publication date |
|---|---|
| JP2008131072A (en) | 2008-06-05 |
| CN101536401B (en) | 2013-06-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100576196C (en) | Content enciphering method, system and utilize this encryption method that the method for content is provided by network | |
| CN103348623B (en) | Termination, checking device, key distribution device, content reproducing method and cryptographic key distribution method | |
| CN101663856B (en) | Key providing system, key providing apparatus, terminal apparatus, key providing method, and key generating method | |
| CN105847228A (en) | Access control framework for information centric networking | |
| US8300814B2 (en) | Information processing unit, terminal unit, information processing method, key generation method and program | |
| EP2086160A1 (en) | Information processing device | |
| JP5198539B2 (en) | Storage device, access device and program | |
| JP2016158189A (en) | Change direction with key control system and change direction with key control method | |
| CN106598882A (en) | Secure memory data protection method and device | |
| Cui et al. | A practical and efficient bidirectional access control scheme for cloud-edge data sharing | |
| CN101536401B (en) | Information processing device | |
| CN101138193A (en) | Data processing apparatus | |
| CN103039034A (en) | Invalidation-list generation device, invalidation-list generation method, and content-management system | |
| CN101542966B (en) | Information processing device | |
| JP2005141436A (en) | Information distribution storing method and information distribution storing system and its device and its program and recording medium | |
| WO2007142170A1 (en) | System for disabling unauthorized person, encryption device, encryption method, and program | |
| KR20090127716A (en) | Method of tracing device keys for broadcast encryption | |
| CN107070900B (en) | It can search for re-encryption method based on what is obscured | |
| CN107637013A (en) | Key exchange method, cipher key exchange system, key distribution device, communicator and program | |
| US7210042B2 (en) | Device information generating device, device information generating method, control data generating device, control data generating method, content utilizing device, content utilizing method, and storage medium | |
| WO2005059776A2 (en) | Key assignment method for content distribution | |
| JP5286748B2 (en) | Information processing apparatus, key setting method, and program | |
| US11451518B2 (en) | Communication device, server device, concealed communication system, methods for the same, and program | |
| Jin et al. | Efficient coalition detection in traitor tracing | |
| CN101641904B (en) | Key providing system, terminal equipment, and information processing method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20130605 Termination date: 20151003 |
|
| EXPY | Termination of patent right or utility model |